An issue exists in Leptonica up to and including 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836.
Vulnerable Product |
---|
leptonica leptonica |
debian debian linux 7.0 |
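
The weakness described above, as an added example (not Leptonica's code or its patch): a denylist that omits `$`, `(` and `)` still accepts a `$(command)` rootname, while an allowlist check rejects it. The function names, both character sets and the sample strings are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical denylist in the style of an incomplete fix: it blocks common
 * shell separators but omits '$', '(' and ')', so "$(...)" gets through. */
static int denylist_accepts(const char *rootname)
{
    return rootname != NULL && rootname[0] != '\0' &&
           strpbrk(rootname, ";&|><\"?*`") == NULL;
}

/* Allowlist check (assumed policy): letters, digits, '.', '_', '-' and '/'
 * only, bounded length, no leading '-'. Every character the shell could
 * interpret is rejected by construction rather than by enumeration. */
static int allowlist_accepts(const char *rootname)
{
    static const char ok[] = "abcdefghijklmnopqrstuvwxyz"
                             "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                             "0123456789._-/";
    size_t len;

    if (rootname == NULL)
        return 0;
    len = strlen(rootname);
    if (len == 0 || len > 255 || rootname[0] == '-')
        return 0;
    return strspn(rootname, ok) == len;
}

int main(void)
{
    /* Constructed sample rootnames; none of them is passed to a shell. */
    const char *samples[] = {
        "/tmp/lept/plot1", "plot$(echo x)", "plot;echo x", "plot`echo x`"
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-18s denylist=%d allowlist=%d\n", samples[i],
               denylist_accepts(samples[i]), allowlist_accepts(samples[i]));
    return 0;
}
```

Validation of this kind is a stopgap for callers; the more robust design is to avoid building a shell command line from caller-supplied names at all.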