CVE-2018-3836

Published: 24/04/2018 Updated: 03/02/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 641
Vector (CVSS v2): AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that passes attacker data to this function to trigger this vulnerability.

Vulnerable Product

leptonica leptonica 1.74.4

debian debian linux 7.0

Vendor Advisories

Debian Bug report logs - #889759 leptonlib: CVE-2018-3836: gplotMakeOutput Command Injection Vulnerability; Package: src:leptonlib; Maintainer for src:leptonlib is Jeff Breidenbach <jab@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 6 Feb 2018 21:03:01 UTC; Severity: grave; Tags: security ...
Debian Bug report logs - #898439 leptonlib: CVE-2018-7442; Package: src:leptonlib; Maintainer for src:leptonlib is Jeff Breidenbach <jab@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 11 May 2018 17:21:01 UTC; Severity: important; Tags: security, upstream; Found in version leptonlib/1753 ...
Debian Bug report logs - #891932 CVE-2018-7440 gplotMakeOutput() command injection vulnerability; Package: src:leptonlib; Maintainer for src:leptonlib is Jeff Breidenbach <jab@debian.org>; Reported by: "Santiago RR" <santiagorr@riseup.net>; Date: Fri, 2 Mar 2018 18:18:01 UTC; Severity: grave; Tags: patch, security Fo ...