GHSA-9qh2-6fxg-9m4g

Source

https://github.com/advisories/GHSA-9qh2-6fxg-9m4g

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9qh2-6fxg-9m4g/GHSA-9qh2-6fxg-9m4g.json

Aliases

CVE-2018-16982

Published

2022-05-14T01:55:28Z

Modified

2023-11-08T04:00:02.485685Z

Details

Open Chinese Convert (OpenCC) 1.0.5 allows attackers to cause a denial of service (segmentation fault) because BinaryDict::NewFromFile in BinaryDict.cpp may have out-of-bounds keyOffset and valueOffset values via a crafted .ocd file.

References

https://nvd.nist.gov/vuln/detail/CVE-2018-16982
https://github.com/BYVoid/OpenCC/issues/303
https://github.com/BYVoid/OpenCC/pull/309
https://github.com/BYVoid/OpenCC/pull/560
https://github.com/BYVoid/OpenCC/pull/560/commits/e1b8c7949738100e4747dd4109ef1f16e1bd99c4
https://github.com/BYVoid/OpenCC/commit/4a4f9e58e505fca93605f22363c133df66a91a5e
https://github.com/BYVoid/OpenCC

Affected packages

npm / opencc

Package

Name: opencc

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.1.2

PyPI / opencc

Package

Name: opencc

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.1.2

Affected versions

0.*

0.1

0.2

1.*

1.1.0

1.1.0.post1

1.1.1

1.1.1.post1