View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2018-17294 severity low: SUSE including 25 source package names (liblouis, liblouis-1.7.0-1.3.16.1, …), 114 product×package rows across 37 product lines (SUSE CaaS Platform 4.5, SUSE Enterprise Storage 7, … (37 product lines)): Known Not Affected 67, Fixed 47.
The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries.