{"id":"CVE-2018-17294","details":"The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries.","modified":"2026-04-11T12:27:56.776487Z","published":"2018-09-21T07:29:00.617Z","related":["SUSE-SU-2019:0795-1","SUSE-SU-2019:13994-1","SUSE-SU-2020:3107-1","openSUSE-SU-2019:1160-1"],"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00038.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/105511"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3782-1/"},{"type":"FIX","url":"https://github.com/liblouis/liblouis/commit/5e4089659bb49b3095fa541fa6387b4c40d7396e"},{"type":"FIX","url":"https://github.com/liblouis/liblouis/issues/635"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/liblouis/liblouis","events":[{"introduced":"0"},{"fixed":"97ce1c67fccbd3668291b7e63c06161c095d49f2"},{"fixed":"5e4089659bb49b3095fa541fa6387b4c40d7396e"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.7.0"}]}}],"versions":["v2.6.0","v2.6.1","v3.0.0","v3.1.0","v3.2.0","v3.3.0","v3.4.0","v3.6.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-17294.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0"}]}],"vanir_signatures_modified":"2026-04-11T12:27:56Z","vanir_signatures":[{"id":"CVE-2018-17294-2f4dd9cf","signature_version":"v1","deprecated":false,"target":{"file":"liblouis/lou_translateString.c"},"source":"https://github.com/liblouis/liblouis/commit/5e4089659bb49b3095fa541fa6387b4c40d7396e","digest":{"threshold":0.9,"line_hashes":["293025375813258006096499344806738091290","202534738202325194255144843342373936495","316992701927929723134959434482094089898","88845949797712808691018509916674065102"]},"signature_type":"Line"},{"id":"CVE-2018-17294-aec5fdcc","signature_version":"v1","deprecated":false,"target":{"file":"liblouis/lou_translateString.c","function":"matchCurrentInput"},"source":"https://github.com/liblouis/liblouis/commit/5e4089659bb49b3095fa541fa6387b4c40d7396e","digest":{"length":316,"function_hash":"10198799392122735941565708499321028572"},"signature_type":"Function"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}