Bug#1011984: liblouis: CVE-2022-31783
Samuel Thibault
sthibault at debian.org
Sat May 28 22:32:31 BST 2022
Control: severity -1 normal
Hello,
Salvatore Bonaccorso, le sam. 28 mai 2022 12:56:30 +0200, a ecrit:
> CVE-2022-31783[0]:
> | Liblouis 3.21.0 has an out-of-bounds write in compileRule in
> | compileTranslationTable.c, as demonstrated by lou_trace.
lou_trace takes a braille table as input, which is not something people
would inject from outer sources. So I'm lowering the severity of this
bug, it'll get close when upstream integrates the fix.
Samuel
More information about the Pkg-a11y-devel
mailing list