Bug 1095189 - (CVE-2018-11440) VUL-1: CVE-2018-11440: liblouis: Stack-based Buffer Overflow in parseChars function in compileTranslationTable.c
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low, Severity: Minor
Assigned To: Security Team bot
https://smash.suse.de/issue/206502/
CVSSv3:SUSE:CVE-2018-11440:3.3:(AV:L/...
Reported: 2018-05-30 10:57 UTC by Karol Babioch
Modified: 2022-10-21 07:57 UTC
Found By: Security Response Team
Description Karol Babioch 2018-05-30 10:57:52 UTC
rh#1582658

Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in
compileTranslationTable.c.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1582658
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11440
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11440.html
https://github.com/liblouis/liblouis/issues/575
Comment 1 Karol Babioch 2018-05-30 11:03:47 UTC
On Tumbleweed:

rpm -qi liblouis-tools 
Name        : liblouis-tools
Version     : 3.3.0
Release     : 3.1
Architecture: x86_64
Install Date: Mi 30 Mai 2018 13:00:39 CEST
Group       : Productivity/Other
Size        : 218383
License     : GPL-3.0-or-later
Signature   : RSA/SHA256, Do 08 Mär 2018 11:29:14 CET, Key ID b88b2fd43dbdc284
Source RPM  : liblouis-3.3.0-3.1.src.rpm
Build Date  : Mi 28 Feb 2018 13:00:00 CET
Build Host  : lamb54
Relocations : (not relocatable)
Packager    : https://bugs.opensuse.org
Vendor      : openSUSE
URL         : http://liblouis.org/
Summary     : Tools from the liblouis braille translator package
Description :
liblouis is a translator from and to braille. It features support for
computer and literary braille, supports contracted and uncontracted
translation for many languages and has support for hyphenation.
Distribution: openSUSE Tumbleweed

valgrind lou_checktable 5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb
==12036== Memcheck, a memory error detector
==12036== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==12036== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==12036== Command: lou_checktable 5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb
==12036== 
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb:1: error: opcode '000' not defined.
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb:3: error: opcode '0' not defined.
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb:5: error: invalid dot number '0'.
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb:6: error: opcode '0000000000000' not defined.
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb:7: error: Exactly two Unicode characters and at least one cell are required.
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb:8: warning: invalid UTF-8. Assuming Latin-1.
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb:8: warning: invalid UTF-8. Assuming Latin-1.
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb:8: warning: invalid UTF-8. Assuming Latin-1.
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb:8: warning: invalid UTF-8. Assuming Latin-1.
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb:8: warning: invalid UTF-8. Assuming Latin-1.
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb:8: warning: invalid UTF-8. Assuming Latin-1.
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb:8: warning: invalid UTF-8. Assuming Latin-1.
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb:8: warning: invalid UTF-8. Assuming Latin-1.
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb:8: warning: invalid UTF-8. Assuming Latin-1.
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb:8: warning: invalid UTF-8. Assuming Latin-1.
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb:8: warning: invalid UTF-8. Assuming Latin-1.
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb:8: warning: invalid UTF-8. Assuming Latin-1.
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb:8: warning: invalid UTF-8. Assuming Latin-1.
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb:8: warning: invalid UTF-8. Assuming Latin-1.
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb:8: error: dots operand not specified.
14 warnings issued
6 errors found.
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb could not be found
==12036== 
==12036== HEAP SUMMARY:
==12036==     in use at exit: 4,112 bytes in 2 blocks
==12036==   total heap usage: 33 allocs, 31 frees, 74,107 bytes allocated
==12036== 
==12036== LEAK SUMMARY:
==12036==    definitely lost: 16 bytes in 1 blocks
==12036==    indirectly lost: 4,096 bytes in 1 blocks
==12036==      possibly lost: 0 bytes in 0 blocks
==12036==    still reachable: 0 bytes in 0 blocks
==12036==         suppressed: 0 bytes in 0 blocks
==12036== Rerun with --leak-check=full to see details of leaked memory
==12036== 
==12036== For counts of detected and suppressed errors, rerun with: -v
==12036== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
Comment 2 Karol Babioch 2018-05-30 11:22:04 UTC
Based on the reproducer and a quick code review, SUSE:SLE-11-SP1:Update is probably not affected, and SUSE:SLE-12-SP2:Update probably is.
Comment 8 Swamp Workflow Management 2018-09-21 10:15:39 UTC
SUSE-SU-2018:2780-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1095189,1095825,1095826,1095827,1095945,1097103
CVE References: CVE-2018-11440,CVE-2018-11577,CVE-2018-11683,CVE-2018-11684,CVE-2018-11685,CVE-2018-12085
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    liblouis-2.6.4-6.6.1
SUSE Linux Enterprise Server 12-SP3 (src):    liblouis-2.6.4-6.6.1, python-louis-2.6.4-6.6.1, python3-louis-2.6.4-6.6.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    liblouis-2.6.4-6.6.1, python3-louis-2.6.4-6.6.1
Comment 9 Swamp Workflow Management 2018-09-24 10:18:27 UTC
openSUSE-SU-2018:2819-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1095189,1095825,1095826,1095827,1095945,1097103
CVE References: CVE-2018-11440,CVE-2018-11577,CVE-2018-11683,CVE-2018-11684,CVE-2018-11685,CVE-2018-12085
Sources used:
openSUSE Leap 42.3 (src):    liblouis-2.6.4-9.1, python-louis-2.6.4-9.1
Comment 12 Swamp Workflow Management 2019-03-28 17:10:40 UTC
SUSE-SU-2019:0795-1: An update that fixes 8 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1094685,1095189,1095825,1095826,1095827,1095945,1097103,1109319
CVE References: CVE-2018-11410,CVE-2018-11440,CVE-2018-11577,CVE-2018-11683,CVE-2018-11684,CVE-2018-11685,CVE-2018-12085,CVE-2018-17294
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    liblouis-3.3.0-4.5.1
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    liblouis-3.3.0-4.5.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 13 Swamp Workflow Management 2019-04-05 19:13:19 UTC
openSUSE-SU-2019:1160-1: An update that fixes 8 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1094685,1095189,1095825,1095826,1095827,1095945,1097103,1109319
CVE References: CVE-2018-11410,CVE-2018-11440,CVE-2018-11577,CVE-2018-11683,CVE-2018-11684,CVE-2018-11685,CVE-2018-12085,CVE-2018-17294
Sources used:
openSUSE Leap 15.0 (src):    liblouis-3.3.0-lp150.3.3.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 15 Thomas Leroy 2022-10-21 07:57:57 UTC
Fixed