Liblouis是一款使用C语言编写的开源的盲文翻译器。
Liblouis 3.5.0版本中的compileTranslationTable.c文件的‘compileHyphenation’函数存在基于栈的缓冲区溢出漏洞。攻击者可利用该漏洞执行任意代码或造成拒绝服务。
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
https://github.com/liblouis/liblouis/issues/593
来源:SUSE
链接:http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00038.html
来源:MISC
链接:https://github.com/liblouis/liblouis/issues/593
来源:UBUNTU
链接:https://usn.ubuntu.com/3672-1/
来源:www.suse.com
链接:https://www.suse.com/support/update/announcement/2019/suse-su-20190795-1.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/78022
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.1517/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/157456/Red-Hat-Security-Advisory-2020-1708-01.html
