CVE-2018-7186 (GCVE-0-2018-7186)
Vulnerability from cvelistv5 – Published: 2018-02-16 00:00 – Updated: 2024-08-05 06:24
Summary
Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions.
Severity
9.8 (Critical)
CWE
- n/a
Assigner
References
Date Public
2018-02-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:11.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180307 [SECURITY] [DLA 1302-1] leptonlib security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00005.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/DanBloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.debian.org/890548"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts/2018/02/msg00054.html"
},
{
"name": "GLSA-202312-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-18T08:06:22.617Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20180307 [SECURITY] [DLA 1302-1] leptonlib security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00005.html"
},
{
"url": "https://github.com/DanBloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a"
},
{
"url": "https://bugs.debian.org/890548"
},
{
"url": "https://lists.debian.org/debian-lts/2018/02/msg00054.html"
},
{
"name": "GLSA-202312-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202312-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7186",
"datePublished": "2018-02-16T00:00:00.000Z",
"dateReserved": "2018-02-16T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:24:11.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-7186",
"date": "2026-06-20",
"epss": "0.0352",
"percentile": "0.87723"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:leptonica:leptonica:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.75.3\", \"matchCriteriaId\": \"92955A0B-68B2-4832-BE97-A6FAE66F1753\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16F59A04-14CF-49E2-9973-645477EA09DA\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions.\"}, {\"lang\": \"es\", \"value\": \"Leptonica, en versiones anteriores a la 1.75.3, no limita el n\\u00famero de caracteres en un argumento de formato %s en fscanf o sscanf, lo que permite que atacantes remotos provoquen una denegaci\\u00f3n de servicio (desbordamiento de b\\u00fafer basado en pila) o que puedan causar otro tipo de impacto sin especificar mediante una cadena larga. Esto se demuestra mediante las funciones gplotRead y ptaReadStream.\"}]",
"id": "CVE-2018-7186",
"lastModified": "2024-11-21T04:11:45.120",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": true, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2018-02-16T16:29:00.160",
"references": "[{\"url\": \"https://bugs.debian.org/890548\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/DanBloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/03/msg00005.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts/2018/02/msg00054.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202312-01\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://bugs.debian.org/890548\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/DanBloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/03/msg00005.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts/2018/02/msg00054.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202312-01\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-7186\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-02-16T16:29:00.160\",\"lastModified\":\"2024-11-21T04:11:45.120\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions.\"},{\"lang\":\"es\",\"value\":\"Leptonica, en versiones anteriores a la 1.75.3, no limita el n\u00famero de caracteres en un argumento de formato %s en fscanf o sscanf, lo que permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (desbordamiento de b\u00fafer basado en pila) o que puedan causar otro tipo de impacto sin especificar mediante una cadena larga. Esto se demuestra mediante las funciones gplotRead y 
ptaReadStream.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:leptonica:leptonica:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.75.3\",\"matchCriteriaId\":\"92955A0B-68B2-4832-BE97-A6FAE66F1753\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F59A04-14CF-49E2-9973-645477EA09DA\"}]}]}],\"references\":[{\"url\":\"https://bugs.debian.org/890548\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party 
Advisory\"]},{\"url\":\"https://github.com/DanBloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/03/msg00005.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts/2018/02/msg00054.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202312-01\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugs.debian.org/890548\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/DanBloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/03/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts/2018/02/msg00054.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202312-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Title
Vulnerability in the gplotRead and ptaReadStream functions of the Leptonica image-processing library that allows an attacker to cause a denial of service or have other impact
Description
The vulnerability in the gplotRead and ptaReadStream functions of the Leptonica image-processing library is caused by a stack buffer overflow (%s in the fscanf and sscanf functions). Exploitation of the vulnerability may allow a remote attacker to cause a denial of service using a specially crafted string or to have other impact
Severity
Vendor
Free software community
Software Name
Leptonica
Software Version
before 1.75.3 (Leptonica)
Possible Mitigations
Update the software to a later version
Reference
https://bugs.debian.org/890548
https://github.com/DanBloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a
https://lists.debian.org/debian-lts-announce/2018/03/msg00005.html
https://lists.debian.org/debian-lts/2018/02/msg00054.html
CWE
CWE-119
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 1.75.3 (Leptonica)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "14.02.2018",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "04.04.2018",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2018-00494",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-7186",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Leptonica",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux . 64-bit, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux . 32-bit",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0439 gplotRead \u0438 ptaReadStream \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0441 \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f\u043c\u0438 Leptonica, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0434\u0440\u0443\u0433\u043e\u0435 \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0439 gplotRead \u0438 ptaReadStream \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0441 \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f\u043c\u0438 Leptonica \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430 \u043d\u0430 \u0441\u0442\u0435\u043a\u0435 (%s \u0432 \u0444\u0443\u043d\u043a\u0446\u0438\u044f\u0445 fscanf, sscanf). \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u043f\u0440\u0438 \u043f\u043e\u043c\u043e\u0449\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438 \u0438\u043b\u0438 \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0434\u0440\u0443\u0433\u043e\u0435 \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://bugs.debian.org/890548\nhttps://github.com/DanBloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a\nhttps://lists.debian.org/debian-lts-announce/2018/03/msg00005.html\nhttps://lists.debian.org/debian-lts/2018/02/msg00054.html",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}
FKIE_CVE-2018-7186
Vulnerability from fkie_nvd - Published: 2018-02-16 16:29 - Updated: 2026-06-17 02:02
Severity
Summary
Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| leptonica | leptonica | * |
| debian | debian_linux | 7.0 |
{
"affected": [
{
"affectedData": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"source": "cve@mitre.org"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:leptonica:leptonica:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92955A0B-68B2-4832-BE97-A6FAE66F1753",
"versionEndExcluding": "1.75.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions."
},
{
"lang": "es",
"value": "Leptonica, en versiones anteriores a la 1.75.3, no limita el n\u00famero de caracteres en un argumento de formato %s en fscanf o sscanf, lo que permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (desbordamiento de b\u00fafer basado en pila) o que puedan causar otro tipo de impacto sin especificar mediante una cadena larga. Esto se demuestra mediante las funciones gplotRead y ptaReadStream."
}
],
"id": "CVE-2018-7186",
"lastModified": "2026-06-17T02:02:45.863",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-16T16:29:00.160",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.debian.org/890548"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/DanBloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts/2018/02/msg00054.html"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/202312-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.debian.org/890548"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/DanBloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts/2018/02/msg00054.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202312-01"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-HX3C-V527-XCJQ
Vulnerability from github – Published: 2022-05-13 01:20 – Updated: 2022-05-13 01:20
Details
Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions.
Severity
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2018-7186"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-02-16T16:29:00Z",
"severity": "CRITICAL"
},
"details": "Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions.",
"id": "GHSA-hx3c-v527-xcjq",
"modified": "2022-05-13T01:20:33Z",
"published": "2022-05-13T01:20:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7186"
},
{
"type": "WEB",
"url": "https://github.com/DanBloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a"
},
{
"type": "WEB",
"url": "https://bugs.debian.org/890548"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00005.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts/2018/02/msg00054.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2018-7186
Vulnerability from gsd - Updated: 2023-12-13 01:22
Details
Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions.
Aliases
{
"GSD": {
"alias": "CVE-2018-7186",
"description": "Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions.",
"id": "GSD-2018-7186",
"references": [
"https://www.suse.com/security/cve/CVE-2018-7186.html",
"https://advisories.mageia.org/CVE-2018-7186.html",
"https://ubuntu.com/security/CVE-2018-7186"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-7186"
],
"details": "Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions.",
"id": "GSD-2018-7186",
"modified": "2023-12-13T01:22:32.552419Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7186",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180307 [SECURITY] [DLA 1302-1] leptonlib security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00005.html"
},
{
"name": "https://github.com/DanBloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a",
"refsource": "MISC",
"url": "https://github.com/DanBloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a"
},
{
"name": "https://bugs.debian.org/890548",
"refsource": "MISC",
"url": "https://bugs.debian.org/890548"
},
{
"name": "https://lists.debian.org/debian-lts/2018/02/msg00054.html",
"refsource": "MISC",
"url": "https://lists.debian.org/debian-lts/2018/02/msg00054.html"
},
{
"name": "GLSA-202312-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202312-01"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:leptonica:leptonica:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92955A0B-68B2-4832-BE97-A6FAE66F1753",
"versionEndExcluding": "1.75.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions."
},
{
"lang": "es",
"value": "Leptonica, en versiones anteriores a la 1.75.3, no limita el n\u00famero de caracteres en un argumento de formato %s en fscanf o sscanf, lo que permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (desbordamiento de b\u00fafer basado en pila) o que puedan causar otro tipo de impacto sin especificar mediante una cadena larga. Esto se demuestra mediante las funciones gplotRead y ptaReadStream."
}
],
"id": "CVE-2018-7186",
"lastModified": "2023-12-18T08:15:06.603",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-16T16:29:00.160",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.debian.org/890548"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/DanBloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts/2018/02/msg00054.html"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/202312-01"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
OPENSUSE-SU-2024:10914-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00
Summary
leptonica-devel-1.80.0-1.9 on GA media
Severity
Moderate
Notes
Title of the patch: leptonica-devel-1.80.0-1.9 on GA media
Description of the patch: These are all security issues fixed in the leptonica-devel-1.80.0-1.9 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10914
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64 | — | | Vendor Fix |
Threats
Impact
low
7.8 (High)
Threats
Impact
important
9.8 (Critical)
Threats
Impact
critical
9.8 (Critical)
Threats
Impact
critical
9.8 (Critical)
Threats
Impact
critical
Threats
Impact
moderate
9.1 (Critical)
Threats
Impact
critical
References
26 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "leptonica-devel-1.80.0-1.9 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the leptonica-devel-1.80.0-1.9 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10914",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10914-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-18196 page",
"url": "https://www.suse.com/security/cve/CVE-2017-18196/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3836 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3836/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7186 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7247 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7247/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7440 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7440/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7441 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7441/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7442 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7442/"
}
],
"title": "leptonica-devel-1.80.0-1.9 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10914-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "leptonica-devel-1.80.0-1.9.aarch64",
"product": {
"name": "leptonica-devel-1.80.0-1.9.aarch64",
"product_id": "leptonica-devel-1.80.0-1.9.aarch64"
}
},
{
"category": "product_version",
"name": "leptonica-tools-1.80.0-1.9.aarch64",
"product": {
"name": "leptonica-tools-1.80.0-1.9.aarch64",
"product_id": "leptonica-tools-1.80.0-1.9.aarch64"
}
},
{
"category": "product_version",
"name": "liblept5-1.80.0-1.9.aarch64",
"product": {
"name": "liblept5-1.80.0-1.9.aarch64",
"product_id": "liblept5-1.80.0-1.9.aarch64"
}
},
{
"category": "product_version",
"name": "liblept5-32bit-1.80.0-1.9.aarch64",
"product": {
"name": "liblept5-32bit-1.80.0-1.9.aarch64",
"product_id": "liblept5-32bit-1.80.0-1.9.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "leptonica-devel-1.80.0-1.9.ppc64le",
"product": {
"name": "leptonica-devel-1.80.0-1.9.ppc64le",
"product_id": "leptonica-devel-1.80.0-1.9.ppc64le"
}
},
{
"category": "product_version",
"name": "leptonica-tools-1.80.0-1.9.ppc64le",
"product": {
"name": "leptonica-tools-1.80.0-1.9.ppc64le",
"product_id": "leptonica-tools-1.80.0-1.9.ppc64le"
}
},
{
"category": "product_version",
"name": "liblept5-1.80.0-1.9.ppc64le",
"product": {
"name": "liblept5-1.80.0-1.9.ppc64le",
"product_id": "liblept5-1.80.0-1.9.ppc64le"
}
},
{
"category": "product_version",
"name": "liblept5-32bit-1.80.0-1.9.ppc64le",
"product": {
"name": "liblept5-32bit-1.80.0-1.9.ppc64le",
"product_id": "liblept5-32bit-1.80.0-1.9.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "leptonica-devel-1.80.0-1.9.s390x",
"product": {
"name": "leptonica-devel-1.80.0-1.9.s390x",
"product_id": "leptonica-devel-1.80.0-1.9.s390x"
}
},
{
"category": "product_version",
"name": "leptonica-tools-1.80.0-1.9.s390x",
"product": {
"name": "leptonica-tools-1.80.0-1.9.s390x",
"product_id": "leptonica-tools-1.80.0-1.9.s390x"
}
},
{
"category": "product_version",
"name": "liblept5-1.80.0-1.9.s390x",
"product": {
"name": "liblept5-1.80.0-1.9.s390x",
"product_id": "liblept5-1.80.0-1.9.s390x"
}
},
{
"category": "product_version",
"name": "liblept5-32bit-1.80.0-1.9.s390x",
"product": {
"name": "liblept5-32bit-1.80.0-1.9.s390x",
"product_id": "liblept5-32bit-1.80.0-1.9.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "leptonica-devel-1.80.0-1.9.x86_64",
"product": {
"name": "leptonica-devel-1.80.0-1.9.x86_64",
"product_id": "leptonica-devel-1.80.0-1.9.x86_64"
}
},
{
"category": "product_version",
"name": "leptonica-tools-1.80.0-1.9.x86_64",
"product": {
"name": "leptonica-tools-1.80.0-1.9.x86_64",
"product_id": "leptonica-tools-1.80.0-1.9.x86_64"
}
},
{
"category": "product_version",
"name": "liblept5-1.80.0-1.9.x86_64",
"product": {
"name": "liblept5-1.80.0-1.9.x86_64",
"product_id": "liblept5-1.80.0-1.9.x86_64"
}
},
{
"category": "product_version",
"name": "liblept5-32bit-1.80.0-1.9.x86_64",
"product": {
"name": "liblept5-32bit-1.80.0-1.9.x86_64",
"product_id": "liblept5-32bit-1.80.0-1.9.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "leptonica-devel-1.80.0-1.9.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64"
},
"product_reference": "leptonica-devel-1.80.0-1.9.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "leptonica-devel-1.80.0-1.9.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le"
},
"product_reference": "leptonica-devel-1.80.0-1.9.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "leptonica-devel-1.80.0-1.9.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x"
},
"product_reference": "leptonica-devel-1.80.0-1.9.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "leptonica-devel-1.80.0-1.9.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64"
},
"product_reference": "leptonica-devel-1.80.0-1.9.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "leptonica-tools-1.80.0-1.9.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64"
},
"product_reference": "leptonica-tools-1.80.0-1.9.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "leptonica-tools-1.80.0-1.9.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le"
},
"product_reference": "leptonica-tools-1.80.0-1.9.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "leptonica-tools-1.80.0-1.9.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x"
},
"product_reference": "leptonica-tools-1.80.0-1.9.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "leptonica-tools-1.80.0-1.9.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64"
},
"product_reference": "leptonica-tools-1.80.0-1.9.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "liblept5-1.80.0-1.9.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64"
},
"product_reference": "liblept5-1.80.0-1.9.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "liblept5-1.80.0-1.9.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le"
},
"product_reference": "liblept5-1.80.0-1.9.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "liblept5-1.80.0-1.9.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x"
},
"product_reference": "liblept5-1.80.0-1.9.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "liblept5-1.80.0-1.9.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64"
},
"product_reference": "liblept5-1.80.0-1.9.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "liblept5-32bit-1.80.0-1.9.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64"
},
"product_reference": "liblept5-32bit-1.80.0-1.9.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "liblept5-32bit-1.80.0-1.9.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le"
},
"product_reference": "liblept5-32bit-1.80.0-1.9.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "liblept5-32bit-1.80.0-1.9.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x"
},
"product_reference": "liblept5-32bit-1.80.0-1.9.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "liblept5-32bit-1.80.0-1.9.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
},
"product_reference": "liblept5-32bit-1.80.0-1.9.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-18196",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-18196"
}
],
"notes": [
{
"category": "general",
"text": "Leptonica 1.74.4 constructs unintended pathnames (containing duplicated path components) when operating on files in /tmp subdirectories, which might allow local users to bypass intended file restrictions by leveraging access to a directory located deeper within the /tmp directory tree, as demonstrated by /tmp/ANY/PATH/ANY/PATH/input.tif.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-18196",
"url": "https://www.suse.com/security/cve/CVE-2017-18196"
},
{
"category": "external",
"summary": "SUSE Bug 1082843 for CVE-2017-18196",
"url": "https://bugzilla.suse.com/1082843"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2017-18196"
},
{
"cve": "CVE-2018-3836",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3836"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that passes attacker data to this function to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3836",
"url": "https://www.suse.com/security/cve/CVE-2018-3836"
},
{
"category": "external",
"summary": "SUSE Bug 1079358 for CVE-2018-3836",
"url": "https://bugzilla.suse.com/1079358"
},
{
"category": "external",
"summary": "SUSE Bug 1082747 for CVE-2018-3836",
"url": "https://bugzilla.suse.com/1082747"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-3836"
},
{
"cve": "CVE-2018-7186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7186"
}
],
"notes": [
{
"category": "general",
"text": "Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7186",
"url": "https://www.suse.com/security/cve/CVE-2018-7186"
},
{
"category": "external",
"summary": "SUSE Bug 1081576 for CVE-2018-7186",
"url": "https://bugzilla.suse.com/1081576"
},
{
"category": "external",
"summary": "SUSE Bug 1081631 for CVE-2018-7186",
"url": "https://bugzilla.suse.com/1081631"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-7186"
},
{
"cve": "CVE-2018-7247",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7247"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica before 1.75.3. Unsanitized input (rootname) can overflow a buffer, leading potentially to arbitrary code execution or possibly unspecified other impact.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7247",
"url": "https://www.suse.com/security/cve/CVE-2018-7247"
},
{
"category": "external",
"summary": "SUSE Bug 1081631 for CVE-2018-7247",
"url": "https://bugzilla.suse.com/1081631"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-7247"
},
{
"cve": "CVE-2018-7440",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7440"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7440",
"url": "https://www.suse.com/security/cve/CVE-2018-7440"
},
{
"category": "external",
"summary": "SUSE Bug 1079358 for CVE-2018-7440",
"url": "https://bugzilla.suse.com/1079358"
},
{
"category": "external",
"summary": "SUSE Bug 1082747 for CVE-2018-7440",
"url": "https://bugzilla.suse.com/1082747"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-7440"
},
{
"cve": "CVE-2018-7441",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7441"
}
],
"notes": [
{
"category": "general",
"text": "Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junk_split_image.ps in prog/splitimage2pdf.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7441",
"url": "https://www.suse.com/security/cve/CVE-2018-7441"
},
{
"category": "external",
"summary": "SUSE Bug 1082749 for CVE-2018-7441",
"url": "https://bugzilla.suse.com/1082749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-7441"
},
{
"cve": "CVE-2018-7442",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7442"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block \u0027/\u0027 characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7442",
"url": "https://www.suse.com/security/cve/CVE-2018-7442"
},
{
"category": "external",
"summary": "SUSE Bug 1082748 for CVE-2018-7442",
"url": "https://bugzilla.suse.com/1082748"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-7442"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.