Vulmon
leptonica leptonica vulnerabilities and exploits
9.8
CVSSv3
CVE-2018-7440
An issue exists in Leptonica up to and including 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836.
Leptonica Leptonica
Debian Debian Linux 7.0
9.8
CVSSv3
CVE-2018-7247
An issue exists in pixHtmlViewer in prog/htmlviewer.c in Leptonica prior to 1.75.3. Unsanitized input (rootname) can overflow a buffer, leading potentially to arbitrary code execution or possibly unspecified other impact.
Leptonica Leptonica
9.8
CVSSv3
CVE-2018-7186
Leptonica prior to 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote malicious users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrat...
Leptonica Leptonica
Debian Debian Linux 7.0
9.1
CVSSv3
CVE-2018-7442
An issue exists in Leptonica up to and including 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite.
Leptonica Leptonica
7.8
CVSSv3
CVE-2018-3836
An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an appl...
Leptonica Leptonica 1.74.4
Debian Debian Linux 7.0
7.5
CVSSv3
CVE-2020-36281
Leptonica prior to 1.80.0 allows a heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c.
Leptonica Leptonica
Debian Debian Linux 9.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
7.5
CVSSv3
CVE-2020-36278
Leptonica prior to 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c.
Leptonica Leptonica
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 9.0
7.5
CVSSv3
CVE-2020-36279
Leptonica prior to 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c.
Leptonica Leptonica
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 9.0
7.5
CVSSv3
CVE-2020-36280
Leptonica prior to 1.80.0 allows a heap-based buffer over-read in pixReadFromTiffStream, related to tiffio.c.
Leptonica Leptonica
Fedoraproject Fedora 32
Fedoraproject Fedora 33
7.5
CVSSv3
CVE-2020-36277
Leptonica prior to 1.80.0 allows a denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c.
Leptonica Leptonica
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 9.0