
CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Feb 2018 — An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite. Several vulnerabilities have been found in Lepton... • https://lists.debian.org/debian-lts/2018/02/msg00086.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Feb 2018 — An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica before 1.75.3. Unsanitized input (rootname) can overflow a buffer, leading potentially to arbitrary code execution or possibly unspecified other impact. Severa... • https://github.com/DanBloomberg/leptonica/commit/c1079bb8e77cdd426759e466729917ca37a3ed9f • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.8 • EPSS: 1% • CPEs: 2 • EXPL: 0

16 Feb 2018 — Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions. • https://bugs.debian.org/890548 • CWE-787: Out-of-bounds Write