Bug#1011984: liblouis: CVE-2022-31783

Salvatore Bonaccorso carnil at debian.org
Sun May 29 09:52:51 BST 2022


Hi Samuel,

On Sat, May 28, 2022 at 11:32:31PM +0200, Samuel Thibault wrote:
> Control: severity -1 normal
> 
> Hello,
> 
> Salvatore Bonaccorso, on Sat. 28 May 2022 12:56:30 +0200, wrote:
> > CVE-2022-31783[0]:
> > | Liblouis 3.21.0 has an out-of-bounds write in compileRule in
> > | compileTranslationTable.c, as demonstrated by lou_trace.
> 
> lou_trace takes a braille table as input, which is not something people
> would inject from outer sources. So I'm lowering the severity of this
> bug, it'll get closed when upstream integrates the fix.

Okay, yes this makes sense.

Regards,
Salvatore
