SUSE CVE-2018-7247

An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica before 1.75.3. Unsanitized input rootname can overflow a buffer, leading potentially to arbitrary code execution or possibly unspecified other impact...

SUSE CVE-2018-7440

An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $command approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836...

SUSE CVE-2018-7442

An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite...

DEBIAN-CVE-2018-3836

An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that pass...

UBUNTU-CVE-2018-3836

An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that pass...

UBUNTU-CVE-2018-7442

An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite...

DEBIAN-CVE-2018-7440

An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $command approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836...

DEBIAN-CVE-2018-7442

An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite...

UBUNTU-CVE-2018-7440

An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $command approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836...

Command injection

An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $command approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836...

PT-2018-18075 · Dan Bloomberg +1 · Leptonica +1

Name of the Vulnerable Software and Affected Versions: Leptonica versions prior to 1.75.4 Description: An issue was discovered where the gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite...

UBUNTU-CVE-2018-7247

An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica before 1.75.3. Unsanitized input rootname can overflow a buffer, leading potentially to arbitrary code execution or possibly unspecified other impact...

DEBIAN-CVE-2018-7247

An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica before 1.75.3. Unsanitized input rootname can overflow a buffer, leading potentially to arbitrary code execution or possibly unspecified other impact...

PT-2018-17973 · Dan Bloomberg +2 · Leptonica +2

Name of the Vulnerable Software and Affected Versions: Leptonica versions prior to 1.75.3 Description: An issue was discovered in pixHtmlViewer in prog/htmlviewer.c, where unsanitized input, specifically the rootname, can overflow a buffer. This could potentially lead to arbitrary code execution ...

PT-2018-1095 · Leptonica +1 · Leptonica +1

Name of the Vulnerable Software and Affected Versions: Leptonica versions through 1.75.3 Description: The issue is related to the gplotMakeOutput function in the Leptonica library, which is associated with insufficient input data cleaning. This can allow a remote attacker to execute arbitrary...

CVE-2002-0772

Directory traversal vulnerability in dsnmanager.asp for Hosting Controller allows remote attackers to read arbitrary files and directories via a .. dot dot in the RootName parameter...

CVE-2002-0772

CVE-2002-0772 describes a directory traversal vulnerability in the Hosting Controller’s dsnmanager.asp, exploitable via a .. payload in the RootName parameter to read arbitrary files. Affected component is the web interface/dsnmanager.asp; root cause is improper validation of the RootName input, ...