CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-38266 – Gentoo Linux Security Advisory 202312-01
https://notcve.org/view.php?id=CVE-2022-38266
09 Sep 2022 — An issue in the Leptonica linked library (v1.79.0) allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file. Un problema en la biblioteca enlazada Leptonica (v1.79.0) permite a los atacantes provocar una excepción aritmética que conduce a una denegación de servicio (DoS) a través de un archivo JPEG manipulado Several vulnerabilities have been found in Leptonice, the worst of which could lead to arbitrary code execution. Versions greater than or equal to ... • https://github.com/DanBloomberg/leptonica/commit/f062b42c0ea8dddebdc6a152fd16152de215d614 • CWE-369: Divide By Zero •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 1CVE-2020-36281 – Gentoo Linux Security Advisory 202107-53
https://notcve.org/view.php?id=CVE-2020-36281
12 Mar 2021 — Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c. Leptonica versiones anteriores a 1.80.0, permite una lectura excesiva del búfer en la región heap de la memoria en la función pixFewColorsOctcubeQuantMixed en el archivo colorquant1.c Multiple vulnerabilities have been found in Leptonica, the worst of which could result in a Denial of Service condition. Versions less than 1.80.0 are affected. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22140 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 1CVE-2020-36280 – Gentoo Linux Security Advisory 202107-53
https://notcve.org/view.php?id=CVE-2020-36280
12 Mar 2021 — Leptonica before 1.80.0 allows a heap-based buffer over-read in pixReadFromTiffStream, related to tiffio.c. Leptonica versiones anteriores a 1.80.0, permite una lectura excesiva del búfer en la región heap de la memoria en la función pixReadFromTiffStream, relacionado con el archivo tiffio.c Multiple vulnerabilities have been found in Leptonica, the worst of which could result in a Denial of Service condition. Versions less than 1.80.0 are affected. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23654 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 3%CPEs: 5EXPL: 1CVE-2020-36279 – Gentoo Linux Security Advisory 202107-53
https://notcve.org/view.php?id=CVE-2020-36279
12 Mar 2021 — Leptonica before 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c. Leptonica versiones anteriores a 1.80.0, permite una lectura excesiva del búfer en la región heap de la memoria en la función rasteropGeneralLow, relacionada con los archivos adaptmap_reg.c y adaptmap.c Multiple vulnerabilities have been found in Leptonica, the worst of which could result in a Denial of Service condition. Versions less than 1.80.0 are affected. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22512 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 2%CPEs: 5EXPL: 1CVE-2020-36278 – Gentoo Linux Security Advisory 202107-53
https://notcve.org/view.php?id=CVE-2020-36278
11 Mar 2021 — Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c. Leptonica versiones anteriores a la 1.80.0, permite una lectura excesiva del búfer en la región heap de la memoria en la función findNextBorderPixel en el archivo ccbord.c Multiple vulnerabilities have been found in Leptonica, the worst of which could result in a Denial of Service condition. Versions less than 1.80.0 are affected. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23433 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 4%CPEs: 5EXPL: 1CVE-2020-36277 – Gentoo Linux Security Advisory 202107-53
https://notcve.org/view.php?id=CVE-2020-36277
11 Mar 2021 — Leptonica before 1.80.0 allows a denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c. Leptonica versiones anteriores a 1.80.0, permite una denegación de servicio (bloqueo de la aplicación) por medio de un desplazamiento incorrecto a la izquierda en la función pixConvert2To8 en el archivo pixconv.c Multiple vulnerabilities have been found in Leptonica, the worst of which could result in a Denial of Service condition. Versions less than 1.80.0 are affected. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21997 • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2018-3836
https://notcve.org/view.php?id=CVE-2018-3836
24 Apr 2018 — An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that passes attacker data to this function to trigger this vulnerability. Existe una vulnerabilidad explotable de inyección de comandos en la función gplotMakeOutput de Leptonica 1.74.4. Un argumento gplot rootname especialm... • https://lists.debian.org/debian-lts-announce/2018/02/msg00019.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18196 – Gentoo Linux Security Advisory 202312-01
https://notcve.org/view.php?id=CVE-2017-18196
23 Feb 2018 — Leptonica 1.74.4 constructs unintended pathnames (containing duplicated path components) when operating on files in /tmp subdirectories, which might allow local users to bypass intended file restrictions by leveraging access to a directory located deeper within the /tmp directory tree, as demonstrated by /tmp/ANY/PATH/ANY/PATH/input.tif. Leptonica 1.74.4 construye nombres de ruta no planeados (que contienen componentes de ruta duplicados) al operar en archivos en subdirectorios /tmp. Esto podría permitir qu... • https://bugs.debian.org/885704 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2018-7440 – Gentoo Linux Security Advisory 202312-01
https://notcve.org/view.php?id=CVE-2018-7440
23 Feb 2018 — An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836. Se ha descubierto un problema en Leptonica hasta su versión 1.75.3. La función gplotMakeOutput permite la inyección de comandos mediante un $(comando) en el argumento gplot rootname. • https://github.com/DanBloomberg/leptonica/issues/303#issuecomment-366472212 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7441 – Gentoo Linux Security Advisory 202312-01
https://notcve.org/view.php?id=CVE-2018-7441
23 Feb 2018 — Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junk_split_image.ps in prog/splitimage2pdf.c. Leptonica, hasta la versión 1.75.3, emplea nombres de ruta embebidos, lo que permite que usuarios locales sobrescriban archivos arbitrarios o tengan otro tipo de impacto sin especificar creando archivos de antemano o ganando una condici... • https://lists.debian.org/debian-lts/2018/02/msg00054.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •