History: Jul 04, 2023 - 12:41 p.m.

Advisory ROSA-SA-2023-2178

2023-07-04 12:41:09
ROSA LAB
abf.rosalinux.ru
leptonica library
denial of service
vulnerability fix
rosa-chrome
crafted jpeg file
unix
package version 1.79.0

CVSS3: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS: 0.002 Low
Percentile: 53.1%

software: leptonica 1.79.0
WASP: ROSA-CHROME

package_evr_string: leptonica-1.79.0-3.src.rpm

CVE-ID: CVE-2022-38266
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: An issue in the linked Leptonica library (v1.79.0) allows attackers to raise an arithmetic exception leading to a denial of service (DoS) via a crafted JPEG file.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update leptonica

OS    Version  Architecture  Package    Version   Filename
ROSA  any      noarch        leptonica  < 1.79.0  UNKNOWN
