Leptonica up to and including 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junk_split_image.ps in prog/splitimage2pdf.c.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
leptonica leptonica |