Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-7442 | 1 Leptonica | 1 Leptonica | 2023-12-18 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite. | |||||
| CVE-2018-7440 | 2 Debian, Leptonica | 2 Debian Linux, Leptonica | 2023-12-18 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836. | |||||
| CVE-2018-7247 | 1 Leptonica | 1 Leptonica | 2023-12-18 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica before 1.75.3. Unsanitized input (rootname) can overflow a buffer, leading potentially to arbitrary code execution or possibly unspecified other impact. | |||||
| CVE-2018-7186 | 2 Debian, Leptonica | 2 Debian Linux, Leptonica | 2023-12-18 | 7.5 HIGH | 9.8 CRITICAL |
| Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions. | |||||