Denial of Service Vulnerability in Open Chinese Convert by BYVoid
CVE-2018-16982

5.5MEDIUM

Key Information:

Vendor: Byvoid
Status: Open Chinese Convert
Vendor: CVE Published:; 13 September 2018

What is CVE-2018-16982?

The Open Chinese Convert (OpenCC) version 1.0.5 is susceptible to a denial of service condition triggered by malformed .ocd files. Specifically, a flaw in the BinaryDict::NewFromFile function might lead to segmentation faults due to improperly validated keyOffset and valueOffset values. This vulnerability can be exploited by attackers to crash the application, interrupting service and impacting user experience.

References

https://github.com/BYVoid/OpenCC/issues/303

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Sep 13, 2018

JSON

Byvoid

What is CVE-2018-16982?

References

CVSS V3.1

Timeline