CVE-2017-18196

2018-02-23T21:29:00
ID CVE-2017-18196
Type cve
Reporter cve@mitre.org
Modified 2019-10-03T00:03:00

Description

Leptonica 1.74.4 constructs unintended pathnames (containing duplicated path components) when operating on files in /tmp subdirectories, which might allow local users to bypass intended file restrictions by leveraging access to a directory located deeper within the /tmp directory tree, as demonstrated by /tmp/ANY/PATH/ANY/PATH/input.tif.