Leptonica: >> Leptonica >> 1.74.4 Security Vulnerabilities
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite.
CVSS Score
9.1
EPSS Score
0.002
Published
2018-02-23
An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica before 1.75.3. Unsanitized input (rootname) can overflow a buffer, leading potentially to arbitrary code execution or possibly unspecified other impact.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-02-19
Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions.
CVSS Score
9.8
EPSS Score
0.03
Published
2018-02-16
Page 2