Open Chinese Convert subject to Denial of Service via Out-of-bounds Read

Description

Open Chinese Convert (OpenCC) 1.0.5 allows attackers to cause a denial of service (segmentation fault) because BinaryDict::NewFromFile in BinaryDict.cpp may have out-of-bounds keyOffset and valueOffset values via a crafted .ocd file.

Recommendation

Update the opencc package to the latest compatible version. Followings are version details:

• Affected version(s): < 1.1.2
• Patched version(s): 1.1.2

References

• GHSA-9qh2-6fxg-9m4g
• CVE-2018-16982
• CWE-125
• CAPEC-310
• OWASP 2021-A6

Related Issues

• Open Chinese Convert has Out-of-bounds Write - CVE-2025-15536
• steal vulnerable to Regular Expression Denial of Service via input variable - CVE-2022-37260
• protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion - CVE-2026-45740
• Parse Server: Pre-authentication denial of service via client version header regex backtracking - CVE-2026-47138

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

opencc