Skip to main content
CVE-2018-7186 CRITICAL PATCH Act Now

Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Denial Of Service Buffer Overflow Leptonica Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
3.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy