Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

leptonica leptonica vulnerabilities and exploits

(subscribe to this query)
9.1
CVSSv3
CVE-2018-7442
An issue exists in Leptonica up to and including 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite.
Leptonica Leptonica
7
CVSSv3
CVE-2018-7441
Leptonica up to and including 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junk_split_image.ps in prog/splitimage...
Leptonica Leptonica
9.8
CVSSv3
CVE-2018-7247
An issue exists in pixHtmlViewer in prog/htmlviewer.c in Leptonica prior to 1.75.3. Unsanitized input (rootname) can overflow a buffer, leading potentially to arbitrary code execution or possibly unspecified other impact.
Leptonica Leptonica
3.3
CVSSv3
CVE-2017-18196
Leptonica 1.74.4 constructs unintended pathnames (containing duplicated path components) when operating on files in /tmp subdirectories, which might allow local users to bypass intended file restrictions by leveraging access to a directory located deeper within the /tmp directory...
Leptonica Leptonica 1.74.4
9.8
CVSSv3
CVE-2018-7440
An issue exists in Leptonica up to and including 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836.
Leptonica LeptonicaDebian Debian Linux 7.0
9.8
CVSSv3
CVE-2018-7186
Leptonica prior to 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote malicious users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrat...
Leptonica LeptonicaDebian Debian Linux 7.0
7.8
CVSSv3
CVE-2018-3836
An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an appl...
Leptonica Leptonica 1.74.4Debian Debian Linux 7.0
7.5
CVSSv3
CVE-2020-36280
Leptonica prior to 1.80.0 allows a heap-based buffer over-read in pixReadFromTiffStream, related to tiffio.c.
Leptonica LeptonicaFedoraproject Fedora 32Fedoraproject Fedora 33
6.5
CVSSv3
CVE-2022-38266
An issue in the Leptonica linked library (v1.79.0) allows malicious users to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file.
Tesseract Project Tesseract 5.0.0Leptonica LeptonicaDebian Debian Linux 10.0
7.5
CVSSv3
CVE-2020-36277
Leptonica prior to 1.80.0 allows a denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c.
Leptonica LeptonicaFedoraproject Fedora 32Fedoraproject Fedora 33Debian Debian Linux 9.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionSSRFbuffer overflowCVE-2023-28952CVE-2023-41822CVE-2024-27956CVE-2023-7028CVE-2024-34447CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook