{"id":"CVE-2018-17294","details":"The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries.","modified":"2026-04-11T18:45:15.594109Z","published":"2018-09-21T07:29:00.617Z","related":["SUSE-SU-2019:0795-1","SUSE-SU-2019:13994-1","SUSE-SU-2020:3107-1","openSUSE-SU-2019:1160-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","extracted_events":[{"last_affected":"14.04"}],"cpe":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"16.04"}],"cpe":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"18.04"}],"cpe":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"15.0"}],"cpe":"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*"}]},"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00038.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/105511"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3782-1/"},{"type":"FIX","url":"https://github.com/liblouis/liblouis/commit/5e4089659bb49b3095fa541fa6387b4c40d7396e"},{"type":"FIX","url":"https://github.com/liblouis/liblouis/issues/635"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/liblouis/liblouis","events":[{"introduced":"0"},{"fixed":"97ce1c67fccbd3668291b7e63c06161c095d49f2"},{"fixed":"5e4089659bb49b3095fa541fa6387b4c40d7396e"}],"database_specific":{"source":["CPE_FIELD","REFERENCES"],"extracted_events":[{"introduced":"0"},{"fixed":"3.7.0"}],"cpe":"cpe:2.3:a:liblouis:liblouis:*:*:*:*:*:*:*:*"}}],"versions":["v2.6.0","v2.6.1","v3.0.0","v3.1.0","v3.2.0","v3.3.0","v3.4.0","v3.6.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-17294.json","vanir_signatures":[{"signature_type":"Line","id":"CVE-2018-17294-2f4dd9cf","digest":{"threshold":0.9,"line_hashes":["293025375813258006096499344806738091290","202534738202325194255144843342373936495","316992701927929723134959434482094089898","88845949797712808691018509916674065102"]},"deprecated":false,"target":{"file":"liblouis/lou_translateString.c"},"source":"https://github.com/liblouis/liblouis/commit/5e4089659bb49b3095fa541fa6387b4c40d7396e","signature_version":"v1"},{"signature_type":"Function","id":"CVE-2018-17294-aec5fdcc","digest":{"length":316,"function_hash":"10198799392122735941565708499321028572"},"deprecated":false,"target":{"file":"liblouis/lou_translateString.c","function":"matchCurrentInput"},"source":"https://github.com/liblouis/liblouis/commit/5e4089659bb49b3095fa541fa6387b4c40d7396e","signature_version":"v1"}],"vanir_signatures_modified":"2026-04-11T18:45:15Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}