Lucene search

PRIOn knowledge basePRION:CVE-2018-7441

HistoryFeb 23, 2018 - 9:29 p.m.

Race condition

2018-02-2321:29:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junk_split_image.ps in prog/splitimage2pdf.c.

CPENameOperatorVersion
leptonicale1.75.3

CPE	Name	Operator	Version
	leptonica	le	1.75.3

References

lists.debian.org/debian-lts/2018/02/msg00054.html

security.gentoo.org/glsa/202312-01