SUSE CVE-2018-7247

An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica before 1.75.3. Unsanitized input rootname can overflow a buffer, leading potentially to arbitrary code execution or possibly unspecified other impact...

SUSE CVE-2018-7440

An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $command approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836...

SUSE CVE-2018-7442

An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite...

DEBIAN-CVE-2018-3836

An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that pass...

UBUNTU-CVE-2018-3836

An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that pass...

The vulnerability of the gplotMakeOutput function in the Leptonica image processing library allows a hacker to execute any command they desire.

The vulnerability of the gplotMakeOutput function in the Leptonica image processing library is related to insufficient cleaning of input data. Exploiting this vulnerability allows a malicious actor to execute any command remotely using the argument gplot rootname...

Command injection

An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $command approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836...

UBUNTU-CVE-2018-7440

An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $command approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836...

DEBIAN-CVE-2018-7440

An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $command approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836...

DEBIAN-CVE-2018-7442

An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite...

UBUNTU-CVE-2018-7442

An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite...

PT-2018-18075 · Dan Bloomberg +1 · Leptonica +1

Name of the Vulnerable Software and Affected Versions: Leptonica versions prior to 1.75.4 Description: An issue was discovered where the gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite...

DEBIAN-CVE-2018-7247

An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica before 1.75.3. Unsanitized input rootname can overflow a buffer, leading potentially to arbitrary code execution or possibly unspecified other impact...

UBUNTU-CVE-2018-7247

An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica before 1.75.3. Unsanitized input rootname can overflow a buffer, leading potentially to arbitrary code execution or possibly unspecified other impact...

PT-2018-17973 · Dan Bloomberg +2 · Leptonica +2

Name of the Vulnerable Software and Affected Versions: Leptonica versions prior to 1.75.3 Description: An issue was discovered in pixHtmlViewer in prog/htmlviewer.c, where unsanitized input, specifically the rootname, can overflow a buffer. This could potentially lead to arbitrary code execution ...

PT-2018-1095 · Leptonica +1 · Leptonica +1

Name of the Vulnerable Software and Affected Versions: Leptonica versions through 1.75.3 Description: The issue is related to the gplotMakeOutput function in the Leptonica library, which is associated with insufficient input data cleaning. This can allow a remote attacker to execute arbitrary...

CVE-2002-0772

Directory traversal vulnerability in dsnmanager.asp for Hosting Controller allows remote attackers to read arbitrary files and directories via a .. dot dot in the RootName parameter...

CVE-2002-0772

CVE-2002-0772 describes a directory traversal vulnerability in the Hosting Controller’s dsnmanager.asp, exploitable via a .. payload in the RootName parameter to read arbitrary files. Affected component is the web interface/dsnmanager.asp; root cause is improper validation of the RootName input, ...