The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries.
{ "vanir_signatures": [ { "source": "https://github.com/liblouis/liblouis/commit/5e4089659bb49b3095fa541fa6387b4c40d7396e", "deprecated": false, "signature_type": "Line", "signature_version": "v1", "target": { "file": "liblouis/lou_translateString.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "293025375813258006096499344806738091290", "202534738202325194255144843342373936495", "316992701927929723134959434482094089898", "88845949797712808691018509916674065102" ] }, "id": "CVE-2018-17294-2f4dd9cf" }, { "source": "https://github.com/liblouis/liblouis/commit/5e4089659bb49b3095fa541fa6387b4c40d7396e", "deprecated": false, "signature_type": "Function", "signature_version": "v1", "target": { "file": "liblouis/lou_translateString.c", "function": "matchCurrentInput" }, "digest": { "length": 316.0, "function_hash": "10198799392122735941565708499321028572" }, "id": "CVE-2018-17294-aec5fdcc" } ] }