Lucene search

K
osvGoogleOSV:CVE-2018-17294
HistorySep 21, 2018 - 7:29 a.m.

CVE-2018-17294

2018-09-2107:29:00
Google
osv.dev
13
liblouis
denial of service
crafted input

AI Score

6.5

Confidence

High

EPSS

0.002

Percentile

51.8%

The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string’s length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries.

AI Score

6.5

Confidence

High

EPSS

0.002

Percentile

51.8%