ID CVE-2017-13744
Summary There is an illegal address access in the function _lou_getALine() in compileTranslationTable.c:343 in Liblouis 3.2.0.
References
Vulnerable Configurations
  • cpe:2.3:a:liblouis:liblouis:3.2.0
CVSS
Base: 4.3
Impact:
Exploitability:
CWE CWE-125
CAPEC
  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-F9F6398158.NASL
    description Security fix for CVE-2017-13738 CVE-2017-13739 CVE-2017-13740 CVE-2017-13741 CVE-2017-13742 CVE-2017-13743 CVE-2017-13744 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-02
    plugin id 106012
    published 2018-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106012
    title Fedora 27 : liblouis (2017-f9f6398158)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-1120.NASL
    description This update for liblouis fixes several issues. These security issues were fixed : - CVE-2017-13738: Prevent illegal address access in the _lou_getALine function that allowed to cause remote DoS (bsc#1056105). - CVE-2017-13739: Prevent heap-based buffer overflow in the function resolveSubtable() that could have caused DoS or remote code execution (bsc#1056101). - CVE-2017-13740: Prevent stack-based buffer overflow in the function parseChars() that could have caused DoS or possibly unspecified other impact (bsc#1056097) - CVE-2017-13741: Prevent use-after-free in function compileBrailleIndicator() that allowed to cause remote DoS (bsc#1056095). - CVE-2017-13742: Prevent stack-based buffer overflow in function includeFile that allowed to cause remote DoS (bsc#1056093). - CVE-2017-13743: Prevent buffer overflow triggered in the function _lou_showString() that allowed to cause remote DoS (bsc#1056090). - CVE-2017-13744: Prevent illegal address access in the function _lou_getALine() that allowed to cause remote DoS (bsc#1056088). This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 103660
    published 2017-10-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103660
    title openSUSE Security Update : liblouis (openSUSE-2017-1120)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2570-1.NASL
    description This update for liblouis fixes several issues. These security issues were fixed : - CVE-2017-13738: Prevent illegal address access in the _lou_getALine function that allowed to cause remote DoS (bsc#1056105). - CVE-2017-13739: Prevent heap-based buffer overflow in the function resolveSubtable() that could have caused DoS or remote code execution (bsc#1056101). - CVE-2017-13740: Prevent stack-based buffer overflow in the function parseChars() that could have caused DoS or possibly unspecified other impact (bsc#1056097) - CVE-2017-13741: Prevent use-after-free in function compileBrailleIndicator() that allowed to cause remote DoS (bsc#1056095). - CVE-2017-13742: Prevent stack-based buffer overflow in function includeFile that allowed to cause remote DoS (bsc#1056093). - CVE-2017-13743: Prevent buffer overflow triggered in the function _lou_showString() that allowed to cause remote DoS (bsc#1056090). - CVE-2017-13744: Prevent illegal address access in the function _lou_getALine() that allowed to cause remote DoS (bsc#1056088). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 103528
    published 2017-09-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103528
    title SUSE SLED12 / SLES12 Security Update : liblouis (SUSE-SU-2017:2570-1)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1289.NASL
    description According to the versions of the liblouis packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple flaws were found in the processing of translation tables in liblouis. An attacker could crash or potentially execute arbitrary code using malicious translation tables. (CVE-2014-8184, CVE-2017-13738, CVE-2017-13740, CVE-2017-13741, CVE-2017-13742, CVE-2017-13743, CVE-2017-13744) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 104908
    published 2017-12-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104908
    title EulerOS 2.0 SP1 : liblouis (EulerOS-SA-2017-1289)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1290.NASL
    description According to the versions of the liblouis packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple flaws were found in the processing of translation tables in liblouis. An attacker could crash or potentially execute arbitrary code using malicious translation tables. (CVE-2014-8184, CVE-2017-13738, CVE-2017-13740, CVE-2017-13741, CVE-2017-13742, CVE-2017-13743, CVE-2017-13744) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 104909
    published 2017-12-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104909
    title EulerOS 2.0 SP2 : liblouis (EulerOS-SA-2017-1290)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-2C9852DD05.NASL
    description Security fix for CVE-2017-13738 CVE-2017-13739 CVE-2017-13740 CVE-2017-13741 CVE-2017-13742 CVE-2017-13743 CVE-2017-13744 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-01
    plugin id 104592
    published 2017-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104592
    title Fedora 26 : liblouis (2017-2c9852dd05)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20171102_LIBLOUIS_ON_SL7_X.NASL
    description Security Fix(es) : - Multiple flaws were found in the processing of translation tables in liblouis. An attacker could crash or potentially execute arbitrary code using malicious translation tables. (CVE-2014-8184, CVE-2017-13738, CVE-2017-13740, CVE-2017-13741, CVE-2017-13742, CVE-2017-13743, CVE-2017-13744)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 104373
    published 2017-11-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104373
    title Scientific Linux Security Update : liblouis on SL7.x x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-3111.NASL
    description From Red Hat Security Advisory 2017:3111 : An update for liblouis is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Liblouis is an open source braille translator and back-translator named in honor of Louis Braille. It features support for computer and literary braille, supports contracted and uncontracted translation for many languages and has support for hyphenation. New languages can easily be added through tables that support a rule or dictionary based approach. Liblouis also supports math braille (Nemeth and Marburg). Security Fix(es) : * Multiple flaws were found in the processing of translation tables in liblouis. An attacker could crash or potentially execute arbitrary code using malicious translation tables. (CVE-2014-8184, CVE-2017-13738, CVE-2017-13740, CVE-2017-13741, CVE-2017-13742, CVE-2017-13743, CVE-2017-13744) The CVE-2014-8184 issue was discovered by Raphael Sanchez Prudencio (Red Hat).
    last seen 2019-02-21
    modified 2018-07-25
    plugin id 104368
    published 2017-11-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104368
    title Oracle Linux 7 : liblouis (ELSA-2017-3111)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2017-3111.NASL
    description An update for liblouis is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Liblouis is an open source braille translator and back-translator named in honor of Louis Braille. It features support for computer and literary braille, supports contracted and uncontracted translation for many languages and has support for hyphenation. New languages can easily be added through tables that support a rule or dictionary based approach. Liblouis also supports math braille (Nemeth and Marburg). Security Fix(es) : * Multiple flaws were found in the processing of translation tables in liblouis. An attacker could crash or potentially execute arbitrary code using malicious translation tables. (CVE-2014-8184, CVE-2017-13738, CVE-2017-13740, CVE-2017-13741, CVE-2017-13742, CVE-2017-13743, CVE-2017-13744) The CVE-2014-8184 issue was discovered by Raphael Sanchez Prudencio (Red Hat).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 104396
    published 2017-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104396
    title CentOS 7 : liblouis (CESA-2017:3111)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-3111.NASL
    description An update for liblouis is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Liblouis is an open source braille translator and back-translator named in honor of Louis Braille. It features support for computer and literary braille, supports contracted and uncontracted translation for many languages and has support for hyphenation. New languages can easily be added through tables that support a rule or dictionary based approach. Liblouis also supports math braille (Nemeth and Marburg). Security Fix(es) : * Multiple flaws were found in the processing of translation tables in liblouis. An attacker could crash or potentially execute arbitrary code using malicious translation tables. (CVE-2014-8184, CVE-2017-13738, CVE-2017-13740, CVE-2017-13741, CVE-2017-13742, CVE-2017-13743, CVE-2017-13744) The CVE-2014-8184 issue was discovered by Raphael Sanchez Prudencio (Red Hat).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 104372
    published 2017-11-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104372
    title RHEL 7 : liblouis (RHSA-2017:3111)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3408-1.NASL
    description It was discovered that an illegal address access can be made in Liblouis. A remote attacker can take advantage of this to access sensitive information. (CVE-2017-13738, CVE-2017-13744) It was discovered a heap-based buffer overflow that causes bytes out-of-bounds write in Liblouis. A remote attacker can use this to denial of service or remote code execution. (CVE-2017-13739) It was discovered a stack-based buffer overflow in Liblouis. A remote attacker can use this to denial of service or possibly unspecified other impact. (CVE-2017-13740, CVE-2017-13742). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 102956
    published 2017-09-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102956
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : liblouis vulnerabilities (USN-3408-1)
redhat via4
advisories
bugzilla
id 1492701
title CVE-2014-8184 liblouis: stack-based buffer overflow in findTable()
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhsa:tst:20140675001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhsa:tst:20140675002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20140675003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20140675004
  • OR
    • AND
      • comment liblouis is earlier than 0:2.5.2-11.el7_4
        oval oval:com.redhat.rhsa:tst:20173111005
      • comment liblouis is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20173111006
    • AND
      • comment liblouis-devel is earlier than 0:2.5.2-11.el7_4
        oval oval:com.redhat.rhsa:tst:20173111009
      • comment liblouis-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20173111010
    • AND
      • comment liblouis-doc is earlier than 0:2.5.2-11.el7_4
        oval oval:com.redhat.rhsa:tst:20173111013
      • comment liblouis-doc is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20173111014
    • AND
      • comment liblouis-python is earlier than 0:2.5.2-11.el7_4
        oval oval:com.redhat.rhsa:tst:20173111011
      • comment liblouis-python is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20173111012
    • AND
      • comment liblouis-utils is earlier than 0:2.5.2-11.el7_4
        oval oval:com.redhat.rhsa:tst:20173111007
      • comment liblouis-utils is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20173111008
rhsa
id RHSA-2017:3111
released 2017-11-02
severity Moderate
title RHSA-2017:3111: liblouis security update (Moderate)
rpms
  • liblouis-0:2.5.2-11.el7_4
  • liblouis-devel-0:2.5.2-11.el7_4
  • liblouis-doc-0:2.5.2-11.el7_4
  • liblouis-python-0:2.5.2-11.el7_4
  • liblouis-utils-0:2.5.2-11.el7_4
refmap via4
bid 100607
misc https://bugzilla.redhat.com/show_bug.cgi?id=1484338
Last major update 29-08-2017 - 02:29
Published 29-08-2017 - 02:29
Last modified 01-12-2017 - 21:29