34 matches found
CVE-2018-7442
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite...
DEBIAN-CVE-2018-7440
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $command approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836...
Path traversal
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite...
DEBIAN-CVE-2018-7442
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite...
CVE-2018-7440
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $command approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836...
CVE-2018-7442
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite...
CVE-2018-7440
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $command approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836...
Command injection
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $command approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836...
PT-2018-18075 · Dan Bloomberg +1 · Leptonica +1
Name of the Vulnerable Software and Affected Versions: Leptonica versions prior to 1.75.4 Description: An issue was discovered where the gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite...
CVE-2018-7440
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $command approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836...
CVE-2018-7440
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $command approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836...
CVE-2018-7442
CVE-2018-7442 affects Leptonica up to 1.75.3 where gplotMakeOutput does not block '/' in the gplot rootname, enabling path traversal and arbitrary file overwrite. The vulnerability is reachable remotely (CVSS says NETWORK) with no authentication required and no user interaction. Impact per source...
PT-2018-1095 · Leptonica +1 · Leptonica +1
Name of the Vulnerable Software and Affected Versions: Leptonica versions through 1.75.3 Description: The issue is related to the gplotMakeOutput function in the Leptonica library, which is associated with insufficient input data cleaning. This can allow a remote attacker to execute arbitrary...
Leptonica gplotMakeOutput Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application...