CVE-2018-7247 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Leptonica

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents6 sources

Severity

9.8CRITICALNVD

EPSS

0.4%

top 39.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Leptonica Debian Leptonlib

Timeline

PublishedFeb 19

Latest updateMay 14

Description

An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica before 1.75.3. Unsanitized input (rootname) can overflow a buffer, leading potentially to arbitrary code execution or possibly unspecified other impact.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDleptonica/leptonica< 1.75.3

▶debiandebian/leptonlib< leptonlib 1.76.0-1 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-29q2-994c-m8hr: An issue was discovered in pixHtmlViewer in prog/htmlviewer↗2022-05-14

▶

OSV

CVE-2018-7247: An issue was discovered in pixHtmlViewer in prog/htmlviewer↗2018-02-19

▶

📋Vendor Advisories

Ubuntu

Leptonica vulnerability↗2022-02-08

▶

Debian

CVE-2018-7247: leptonlib - An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica befor...↗2018

▶

💬Community

Bugzilla

CVE-2018-7247 mingw-leptonica: leptonica: Unsanitized input in pixHtmlViewer in prog/htmlviewer.c [fedora-all]↗2018-02-20

▶

Bugzilla

CVE-2018-7247 leptonica: Unsanitized input in pixHtmlViewer in prog/htmlviewer.c↗2018-02-20

▶

Bugzilla

CVE-2018-7247 leptonica: Unsanitized input in pixHtmlViewer in prog/htmlviewer.c [epel-all]↗2018-02-20

▶

Bugzilla

CVE-2018-7247 leptonica: Unsanitized input in pixHtmlViewer in prog/htmlviewer.c [fedora-all]↗2018-02-20

▶