Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:leptonica:leptonica:1.70:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-38266 |
An issue in the Leptonica linked library (v1.79.0) allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file. Published: September 09, 2022; 6:15:08 PM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2020-36281 |
Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c. Published: March 11, 2021; 8:15:12 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2020-36280 |
Leptonica before 1.80.0 allows a heap-based buffer over-read in pixReadFromTiffStream, related to tiffio.c. Published: March 11, 2021; 7:15:12 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2020-36279 |
Leptonica before 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c. Published: March 11, 2021; 7:15:12 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2020-36278 |
Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c. Published: March 11, 2021; 7:15:12 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2020-36277 |
Leptonica before 1.80.0 allows a denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c. Published: March 11, 2021; 4:15:11 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-7442 |
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite. Published: February 23, 2018; 4:29:00 PM -0500 |
V4.0:(not available) V3.0: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2018-7441 |
Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junk_split_image.ps in prog/splitimage2pdf.c. Published: February 23, 2018; 4:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.0 HIGH V2.0: 4.4 MEDIUM |
CVE-2018-7440 |
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836. Published: February 23, 2018; 4:29:00 PM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-7247 |
An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica before 1.75.3. Unsanitized input (rootname) can overflow a buffer, leading potentially to arbitrary code execution or possibly unspecified other impact. Published: February 19, 2018; 1:29:00 PM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-7186 |
Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions. Published: February 16, 2018; 11:29:00 AM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |