Vulmon
leptonica leptonica vulnerabilities and exploits
9.1
CVSSv3
CVE-2018-7442
An issue exists in Leptonica up to and including 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite.
Leptonica Leptonica
7
CVSSv3
CVE-2018-7441
Leptonica up to and including 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junk_split_image.ps in prog/splitimage...
Leptonica Leptonica
9.8
CVSSv3
CVE-2018-7247
An issue exists in pixHtmlViewer in prog/htmlviewer.c in Leptonica prior to 1.75.3. Unsanitized input (rootname) can overflow a buffer, leading potentially to arbitrary code execution or possibly unspecified other impact.
Leptonica Leptonica
3.3
CVSSv3
CVE-2017-18196
Leptonica 1.74.4 constructs unintended pathnames (containing duplicated path components) when operating on files in /tmp subdirectories, which might allow local users to bypass intended file restrictions by leveraging access to a directory located deeper within the /tmp directory...
Leptonica Leptonica 1.74.4
9.8
CVSSv3
CVE-2018-7440
An issue exists in Leptonica up to and including 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836.
Leptonica Leptonica
Debian Debian Linux 7.0
9.8
CVSSv3
CVE-2018-7186
Leptonica prior to 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote malicious users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrat...
Leptonica Leptonica
Debian Debian Linux 7.0
7.8
CVSSv3
CVE-2018-3836
An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an appl...
Leptonica Leptonica 1.74.4
Debian Debian Linux 7.0
7.5
CVSSv3
CVE-2020-36280
Leptonica prior to 1.80.0 allows a heap-based buffer over-read in pixReadFromTiffStream, related to tiffio.c.
Leptonica Leptonica
Fedoraproject Fedora 32
Fedoraproject Fedora 33
6.5
CVSSv3
CVE-2022-38266
An issue in the Leptonica linked library (v1.79.0) allows malicious users to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file.
Tesseract Project Tesseract 5.0.0
Leptonica Leptonica
Debian Debian Linux 10.0
7.5
CVSSv3
CVE-2020-36277
Leptonica prior to 1.80.0 allows a denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c.
Leptonica Leptonica
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 9.0