Skip to main content

Leptonica

7 CVEs product

Monthly

CVE-2022-38266 MEDIUM POC PATCH This Month

An issue in the Leptonica linked library (v1.79.0) allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Tesseract Leptonica Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2018-3836 HIGH POC This Week

An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Leptonica Debian Linux
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2018-7442 CRITICAL Act Now

An issue was discovered in Leptonica through 1.75.3. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Leptonica
NVD
CVSS 3.0
9.1
EPSS
2.0%
CVE-2018-7441 HIGH This Week

Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition RCE Leptonica
NVD
CVSS 3.0
7.0
EPSS
0.3%
CVE-2018-7440 CRITICAL Act Now

An issue was discovered in Leptonica through 1.75.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Leptonica Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
3.7%
CVE-2018-7247 CRITICAL Act Now

An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica before 1.75.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Leptonica
NVD GitHub
CVSS 3.0
9.8
EPSS
2.5%
CVE-2018-7186 CRITICAL PATCH Act Now

Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Denial Of Service Buffer Overflow Leptonica Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
3.5%
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

An issue in the Leptonica linked library (v1.79.0) allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Tesseract Leptonica +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Leptonica +1
NVD
EPSS 2% CVSS 9.1
CRITICAL Act Now

An issue was discovered in Leptonica through 1.75.3. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Leptonica
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition RCE Leptonica
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

An issue was discovered in Leptonica through 1.75.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Leptonica Debian Linux
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica before 1.75.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Leptonica
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Denial Of Service Buffer Overflow +2
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy