PublicDateAtUSN: 2018-06-09
Candidate: CVE-2018-12085
PublicDate: 2018-06-09 11:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12085
 https://ubuntu.com/security/notices/USN-3782-1
Description:
 Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars
 in compileTranslationTable.c, a different vulnerability than
 CVE-2018-11440.
Ubuntu-Description:
Notes:
Bugs:
 https://github.com/liblouis/liblouis/issues/595
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901202
Priority: low
Discovered-by: Henri Salo
Assigned-to: leosilva
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]


Patches_liblouis:
 upstream: https://github.com/liblouis/liblouis/commit/dbfa58bb128cae86729578ac596056b3385817ef
upstream_liblouis: released (3.5.0-4)
precise/esm_liblouis: DNE
trusty_liblouis: released (2.5.3-2ubuntu1.5)
trusty/esm_liblouis: DNE (trusty was released [2.5.3-2ubuntu1.5])
xenial_liblouis: released (2.6.4-2ubuntu0.4)
esm-infra/xenial_liblouis: released (2.6.4-2ubuntu0.4)
artful_liblouis: ignored (reached end-of-life)
bionic_liblouis: released (3.5.0-1ubuntu0.3)
devel_liblouis: not-affected (3.5.0-4)