An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836.
CPE | Name | Operator | Version |
---|---|---|---|
debian_linux | eq | 7.0 | |
leptonica | le | 1.75.3 |