Open Chinese Convert (OpenCC) 1.0.5 allows attackers to cause a denial of service (segmentation fault) because BinaryDict::NewFromFile in BinaryDict.cpp may have out-of-bounds keyOffset and valueOffset values via a crafted .ocd file.
References
- https://nvd.nist.gov/vuln/detail/CVE-2018-16982
- https://github.com/BYVoid/OpenCC/issues/303
- https://github.com/BYVoid/OpenCC/pull/309
- https://github.com/BYVoid/OpenCC/pull/560
- https://github.com/BYVoid/OpenCC/pull/560/commits/e1b8c7949738100e4747dd4109ef1f16e1bd99c4
- https://github.com/advisories/GHSA-9qh2-6fxg-9m4g