Bug#1033202: liblouis: CVE-2023-26767 CVE-2023-26768 CVE-2023-26769
Salvatore Bonaccorso
carnil at debian.org
Sun Mar 19 16:09:09 GMT 2023
Source: liblouis
Version: 3.24.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Hi,
The following vulnerabilities were published for liblouis.
CVE-2023-26767[0]:
| Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a
| remote attacker to cause a denial of service via the lou_logFile
| function at logginc.c endpoint.
CVE-2023-26768[1]:
| Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a
| remote attacker to cause a denial of service via the
| compileTranslationTable.c and lou_setDataPath functions.
CVE-2023-26769[2]:
| Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0
| allows a remote attacker to cause a denial of service via the
| resolveSubtable function at compileTranslationTabel.c.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-26767
https://www.cve.org/CVERecord?id=CVE-2023-26767
[1] https://security-tracker.debian.org/tracker/CVE-2023-26768
https://www.cve.org/CVERecord?id=CVE-2023-26768
[2] https://security-tracker.debian.org/tracker/CVE-2023-26769
https://www.cve.org/CVERecord?id=CVE-2023-26769
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Pkg-a11y-devel
mailing list