CVE-2018-7186 — Out-of-bounds Write in Leptonica

CWE-787 — Out-of-bounds Write10 documents6 sources

Severity

9.8CRITICALNVD

OSV3.3

EPSS

3.1%

top 13.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Leptonica Debian Leptonlib Debian Linux

Timeline

PublishedFeb 16

Latest updateMay 13

Description

Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDleptonica/leptonica< 1.75.3

▶debiandebian/leptonlib< leptonlib 1.75.3-2 (bookworm)

Also affects: Debian Linux 7.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-hx3c-v527-xcjq: Leptonica before 1↗2022-05-13

▶

OSV

leptonlib vulnerabilities↗2021-03-15

▶

OSV

CVE-2018-7186: Leptonica before 1↗2018-02-16

▶

📋Vendor Advisories

Ubuntu

Leptonica vulnerabilities↗2021-03-15

▶

Debian

CVE-2018-7186: leptonlib - Leptonica before 1.75.3 does not limit the number of characters in a %s format a...↗2018

▶

💬Community

Bugzilla

CVE-2018-7186 leptonica: Stack-based buffer overflows in gplotRead() and ptaReadStream() when parsing crafted files can lead to denial of service↗2018-02-16

▶

Bugzilla

CVE-2018-3836 CVE-2018-7186 leptonica: various flaws [epel-all]↗2018-02-05

▶

Bugzilla

CVE-2018-3836 CVE-2018-7186 mingw-leptonica: various flaws [fedora-all]↗2018-02-05

▶

Bugzilla

CVE-2018-3836 CVE-2018-7186 leptonica: various flaws [fedora-all]↗2018-02-05

▶