Headline
CVE-2022-31783: Prevent an invalid memory writes in compileRule · liblouis/liblouis@ff747ec
Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace.
@@ -3736,12 +3736,14 @@ compileRule(FileInfo *file, TranslationTableHeader **table,
case CTO_SeqAfterExpression: if (!getRuleCharsText(file, &ruleChars)) return 0; for ((*table)->seqAfterExpressionLength = 0; (*table)->seqAfterExpressionLength < ruleChars.length; (*table)->seqAfterExpressionLength++) (*table)->seqAfterExpression[(*table)->seqAfterExpressionLength] = ruleChars.chars[(*table)->seqAfterExpressionLength]; (*table)->seqAfterExpression[(*table)->seqAfterExpressionLength] = 0; if ((ruleChars.length + 1) > SEQPATTERNSIZE) { compileError(file, "More than %d characters", SEQPATTERNSIZE); return 0; } for (int k = 0; k < ruleChars.length; k++) (*table)->seqAfterExpression[k] = ruleChars.chars[k]; (*table)->seqAfterExpression[ruleChars.length] = 0; (*table)->seqAfterExpressionLength = ruleChars.length; return 1;
case CTO_CapsModeChars:
Related news
Gentoo Linux Security Advisory 202301-6 - Multiple vulnerabilities have been discovered in liblouis, the worst of which could result in denial of service. Versions less than 3.22.0 are affected.
Ubuntu Security Notice 5476-1 - Han Zheng discovered that Liblouis incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash. This issue was addressed in Ubuntu 21.10 and Ubuntu 22.04 LTS. It was discovered that Liblouis incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a crash.