Debian Leptonlib vulnerabilities

13 known vulnerabilities affecting debian/leptonlib.

Total CVEs
13
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH8MEDIUM1LOW3

Vulnerabilities

Page 1 of 1
CVE-2022-38266MEDIUMCVSS 6.5fixed in leptonlib 1.82.0-1 (bookworm)2022
CVE-2022-38266 [MEDIUM] CVE-2022-38266: leptonlib - An issue in the Leptonica linked library (v1.79.0) allows attackers to cause an ... An issue in the Leptonica linked library (v1.79.0) allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file. Scope: local bookworm: resolved (fixed in 1.82.0-1) bullseye: resolved (fixed in 1.79.0-1.1+deb11u1) forky: resolved (fixed in 1.82.0-1) sid: resolved (fixed in 1.82.0-1) trixie: resolved (fixed in 1.8
debian
CVE-2020-36277HIGHCVSS 7.5fixed in leptonlib 1.79.0-1.1 (bookworm)2020
CVE-2020-36277 [HIGH] CVE-2020-36277: leptonlib - Leptonica before 1.80.0 allows a denial of service (application crash) via an in... Leptonica before 1.80.0 allows a denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c. Scope: local bookworm: resolved (fixed in 1.79.0-1.1) bullseye: resolved (fixed in 1.79.0-1.1) forky: resolved (fixed in 1.79.0-1.1) sid: resolved (fixed in 1.79.0-1.1) trixie: resolved (fixed in 1.79.0-1.1)
debian
CVE-2020-36279HIGHCVSS 7.5fixed in leptonlib 1.79.0-1.1 (bookworm)2020
CVE-2020-36279 [HIGH] CVE-2020-36279: leptonlib - Leptonica before 1.80.0 allows a heap-based buffer over-read in rasteropGeneralL... Leptonica before 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c. Scope: local bookworm: resolved (fixed in 1.79.0-1.1) bullseye: resolved (fixed in 1.79.0-1.1) forky: resolved (fixed in 1.79.0-1.1) sid: resolved (fixed in 1.79.0-1.1) trixie: resolved (fixed in 1.79.0-1.1)
debian
CVE-2020-36278HIGHCVSS 7.5fixed in leptonlib 1.79.0-1.1 (bookworm)2020
CVE-2020-36278 [HIGH] CVE-2020-36278: leptonlib - Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPi... Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c. Scope: local bookworm: resolved (fixed in 1.79.0-1.1) bullseye: resolved (fixed in 1.79.0-1.1) forky: resolved (fixed in 1.79.0-1.1) sid: resolved (fixed in 1.79.0-1.1) trixie: resolved (fixed in 1.79.0-1.1)
debian
CVE-2020-36280HIGHCVSS 7.5fixed in leptonlib 1.79.0-1.1 (bookworm)2020
CVE-2020-36280 [HIGH] CVE-2020-36280: leptonlib - Leptonica before 1.80.0 allows a heap-based buffer over-read in pixReadFromTiffS... Leptonica before 1.80.0 allows a heap-based buffer over-read in pixReadFromTiffStream, related to tiffio.c. Scope: local bookworm: resolved (fixed in 1.79.0-1.1) bullseye: resolved (fixed in 1.79.0-1.1) forky: resolved (fixed in 1.79.0-1.1) sid: resolved (fixed in 1.79.0-1.1) trixie: resolved (fixed in 1.79.0-1.1)
debian
CVE-2020-36281HIGHCVSS 7.5fixed in leptonlib 1.79.0-1.1 (bookworm)2020
CVE-2020-36281 [HIGH] CVE-2020-36281: leptonlib - Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFewColorsOctc... Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c. Scope: local bookworm: resolved (fixed in 1.79.0-1.1) bullseye: resolved (fixed in 1.79.0-1.1) forky: resolved (fixed in 1.79.0-1.1) sid: resolved (fixed in 1.79.0-1.1) trixie: resolved (fixed in 1.79.0-1.1)
debian
CVE-2018-7442CRITICALCVSS 9.1fixed in leptonlib 1.76.0-1 (bookworm)2018
CVE-2018-7442 [CRITICAL] CVE-2018-7442: leptonlib - An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput functio... An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite. Scope: local bookworm: resolved (fixed in 1.76.0-1) bullseye: resolved (fixed in 1.76.0-1) forky: resolved (fixed in 1.76.0-1) sid: resolved (fixed in 1
debian
CVE-2018-7441HIGHCVSS 7.0fixed in leptonlib 1.76.0-1 (bookworm)2018
CVE-2018-7441 [HIGH] CVE-2018-7441: leptonlib - Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local ... Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junk_split_image.ps in prog/splitimage2pdf.c. Scope: local bookworm: resolved (fixed in 1.76.0-1) bullseye: resolved (fixed in 1.76.0-1) f
debian
CVE-2018-3836HIGHCVSS 7.8fixed in leptonlib 1.75.3-1 (bookworm)2018
CVE-2018-3836 [HIGH] CVE-2018-3836: leptonlib - An exploitable command injection vulnerability exists in the gplotMakeOutput fun... An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that passes attacker data to this function to trigger this vulnerability. Scope:
debian
CVE-2018-7440HIGHCVSS 7.8fixed in leptonlib 1.75.3-3 (bookworm)2018
CVE-2018-7440 [HIGH] CVE-2018-7440: leptonlib - An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput functio... An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836. Scope: local bookworm: resolved (fixed in 1.75.3-3) bullseye: resolved (fixed in 1.75.3-3) forky: resolved (fixed in 1.75.3-3) sid: resol
debian
CVE-2018-7186LOWCVSS 9.8fixed in leptonlib 1.75.3-2 (bookworm)2018
CVE-2018-7186 [CRITICAL] CVE-2018-7186: leptonlib - Leptonica before 1.75.3 does not limit the number of characters in a %s format a... Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions. Scope: local bookworm: resolved (fixed in 1
debian
CVE-2018-7247LOWCVSS 9.8fixed in leptonlib 1.76.0-1 (bookworm)2018
CVE-2018-7247 [CRITICAL] CVE-2018-7247: leptonlib - An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica befor... An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica before 1.75.3. Unsanitized input (rootname) can overflow a buffer, leading potentially to arbitrary code execution or possibly unspecified other impact. Scope: local bookworm: resolved (fixed in 1.76.0-1) bullseye: resolved (fixed in 1.76.0-1) forky: resolved (fixed in 1.76.0-1) sid: reso
debian
CVE-2017-18196LOWCVSS 3.3fixed in leptonlib 1.74.4-2 (bookworm)2017
CVE-2017-18196 [LOW] CVE-2017-18196: leptonlib - Leptonica 1.74.4 constructs unintended pathnames (containing duplicated path com... Leptonica 1.74.4 constructs unintended pathnames (containing duplicated path components) when operating on files in /tmp subdirectories, which might allow local users to bypass intended file restrictions by leveraging access to a directory located deeper within the /tmp directory tree, as demonstrated by /tmp/ANY/PATH/ANY/PATH/input.tif. Scope: local bookworm: reso
debian