In 2019 Common Vulnerabilities and Exposures listed two buffer overflow issues in Lout, which can be exploited if untrusted documents are processed.[4][5]Debian removed Lout in October 2020 due to these issues not having been patched;[6][7] the package had had no maintainer since 2013.[8]