Vulmon
leptonica leptonica vulnerabilities and exploits
7.5
CVSSv2
CVE-2018-7440
An issue exists in Leptonica up to and including 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836.
Leptonica Leptonica
Debian Debian Linux 7.0
7.5
CVSSv2
CVE-2018-7247
An issue exists in pixHtmlViewer in prog/htmlviewer.c in Leptonica prior to 1.75.3. Unsanitized input (rootname) can overflow a buffer, leading potentially to arbitrary code execution or possibly unspecified other impact.
Leptonica Leptonica
7.5
CVSSv2
CVE-2018-7186
Leptonica prior to 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote malicious users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrat...
Leptonica Leptonica
Debian Debian Linux 7.0
7.2
CVSSv2
CVE-2018-3836
An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an appl...
Leptonica Leptonica 1.74.4
Debian Debian Linux 7.0
6.4
CVSSv2
CVE-2018-7442
An issue exists in Leptonica up to and including 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite.
Leptonica Leptonica
5
CVSSv2
CVE-2020-36281
Leptonica prior to 1.80.0 allows a heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c.
Leptonica Leptonica
Debian Debian Linux 9.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
5
CVSSv2
CVE-2020-36278
Leptonica prior to 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c.
Leptonica Leptonica
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 9.0
5
CVSSv2
CVE-2020-36279
Leptonica prior to 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c.
Leptonica Leptonica
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 9.0
5
CVSSv2
CVE-2020-36280
Leptonica prior to 1.80.0 allows a heap-based buffer over-read in pixReadFromTiffStream, related to tiffio.c.
Leptonica Leptonica
Fedoraproject Fedora 32
Fedoraproject Fedora 33
5
CVSSv2
CVE-2020-36277
Leptonica prior to 1.80.0 allows a denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c.
Leptonica Leptonica
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 9.0