CVE-2018-16982 — Open Chinese Convert subject to Denial of Service via Out-of-bounds Read

Description

Open Chinese Convert (OpenCC) 1.0.5 allows attackers to cause a denial of service (segmentation fault) because BinaryDict::NewFromFile in BinaryDict.cpp may have out-of-bounds keyOffset and valueOffset values via a crafted .ocd file.

How to fix CVE-2018-16982

To remediate CVE-2018-16982, upgrade the affected package to a fixed version below.

—upgrade to 1.1.2 or later

Is CVE-2018-16982 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 1.1.2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.5	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References (8)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2018-16982
PATCHgithub.com/BYVoid/OpenCC
WEBgithub.com/BYVoid/OpenCC/commit/4a4f9e58e505fca93605f22363c133df66a91a5e
WEBgithub.com/BYVoid/OpenCC/issues/303
WEB