Bug#1011984: liblouis: CVE-2022-31783
Salvatore Bonaccorso
carnil at debian.org
Sun May 29 09:52:51 BST 2022
Hi Samuel,
On Sat, May 28, 2022 at 11:32:31PM +0200, Samuel Thibault wrote:
> Control: severity -1 normal
>
> Hello,
>
> Salvatore Bonaccorso, le sam. 28 mai 2022 12:56:30 +0200, a ecrit:
> > CVE-2022-31783[0]:
> > | Liblouis 3.21.0 has an out-of-bounds write in compileRule in
> > | compileTranslationTable.c, as demonstrated by lou_trace.
>
> lou_trace takes a braille table as input, which is not something people
> would inject from outer sources. So I'm lowering the severity of this
> bug, it'll get close when upstream integrates the fix.
Okay, yes this make sense.
Regards,
Salvatore
More information about the Pkg-a11y-devel
mailing list