Leptonica Security Vulnerabilities and Issues — Leptonica CVE List

Lucene search

LeptonicaLeptonica

13 matches found

CVE•added 2021/03/12 12:15 a.m.•89 views

CVE-2020-36278

Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c.

7.5CVSS7.3AI score0.02449EPSS

CVE•added 2021/03/12 1:15 a.m.•81 views

CVE-2020-36281

Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c.

7.5CVSS7.3AI score0.01817EPSS

CVE•added 2021/03/12 12:15 a.m.•79 views

CVE-2020-36279

Leptonica before 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c.

7.5CVSS7.3AI score0.03115EPSS

CVE•added 2021/03/11 9:15 p.m.•75 views

CVE-2020-36277

Leptonica before 1.80.0 allows a denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c.

7.5CVSS7.2AI score0.04913EPSS

CVE•added 2022/09/09 10:15 p.m.•73 views

CVE-2022-38266

An issue in the Leptonica linked library (v1.79.0) allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file.

6.5CVSS6AI score0.00184EPSS

CVE•added 2021/03/12 12:15 a.m.•69 views

CVE-2020-36280

Leptonica before 1.80.0 allows a heap-based buffer over-read in pixReadFromTiffStream, related to tiffio.c.

7.5CVSS7.3AI score0.0175EPSS

CVE•added 2018/04/24 7:29 p.m.•56 views

CVE-2018-3836

An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that passes...

7.8CVSS7.8AI score0.00091EPSS

CVE•added 2018/02/23 9:29 p.m.•53 views

CVE-2018-7442

An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite.

9.1CVSS7.5AI score0.00199EPSS

CVE•added 2018/02/23 9:29 p.m.•48 views

CVE-2018-7441

Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junk_split_image.ps in prog/splitimage2pdf.c.

7CVSS7.6AI score0.0004EPSS

CVE•added 2018/02/23 9:29 p.m.•47 views

CVE-2017-18196

Leptonica 1.74.4 constructs unintended pathnames (containing duplicated path components) when operating on files in /tmp subdirectories, which might allow local users to bypass intended file restrictions by leveraging access to a directory located deeper within the /tmp directory tree, as demonstra...

3.3CVSS5.1AI score0.00038EPSS

CVE•added 2018/02/23 9:29 p.m.•47 views

CVE-2018-7440

An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836.

9.8CVSS7.1AI score0.01748EPSS

CVE•added 2018/02/16 4:29 p.m.•44 views

CVE-2018-7186

Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and pta...

9.8CVSS7.7AI score0.03045EPSS

CVE•added 2018/02/19 6:29 p.m.•41 views

CVE-2018-7247

An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica before 1.75.3. Unsanitized input (rootname) can overflow a buffer, leading potentially to arbitrary code execution or possibly unspecified other impact.

9.8CVSS8.4AI score0.00385EPSS