Control: severity -1 normal

Hello,

I don't think any of these is an actual security issue.

Salvatore Bonaccorso, on Sun. 19 March 2023 17:09:09 +0100, wrote:
> The following vulnerabilities were published for liblouis.
>
> CVE-2023-26767[0]:
> | Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a
> | remote attacker to cause a denial of service via the lou_logFile
> | function at logginc.c endpoint.

lou_logFile is not the kind of thing that is supposed to be usable by
attackers. If it was, it would be *way* more serious than a buffer
overflow is.

> CVE-2023-26768[1]:
> | Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a
> | remote attacker to cause a denial of service via the
> | compileTranslationTable.c and lou_setDataPath functions.

It is the user that is in control of loading the translation table. The
content of the table *has* to be under the control of the user. If an
attacker was able to change the table, it would be *way* more
problematic than just buffer overflows.

> CVE-2023-26769[2]:
> | Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0
> | allows a remote attacker to cause a denial of service via the
> | resolveSubtable function at compileTranslationTabel.c.

lou_trace is a debugging tool.

Samuel

