CVE-2018-7440 (GCVE-0-2018-7440)
Vulnerability from cvelistv5 – Published: 2018-02-23 00:00 – Updated: 2024-08-05 06:24
Summary
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836.
Severity
9.8 (Critical)
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://lists.debian.org/debian-lts-announce/2018… | mailing-list |
| https://github.com/DanBloomberg/leptonica/issues/… | |
| https://security.gentoo.org/glsa/202312-01 | vendor-advisory |
Date Public
2018-02-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:12.006Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180307 [SECURITY] [DLA 1302-1] leptonlib security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00005.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/DanBloomberg/leptonica/issues/303#issuecomment-366472212"
},
{
"name": "GLSA-202312-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-18T08:06:26.942Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20180307 [SECURITY] [DLA 1302-1] leptonlib security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00005.html"
},
{
"url": "https://github.com/DanBloomberg/leptonica/issues/303#issuecomment-366472212"
},
{
"name": "GLSA-202312-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202312-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7440",
"datePublished": "2018-02-23T00:00:00.000Z",
"dateReserved": "2018-02-23T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:24:12.006Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-7440",
"date": "2026-06-20",
"epss": "0.03798",
"percentile": "0.88611"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:leptonica:leptonica:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.75.3\", \"matchCriteriaId\": \"F0DB527C-F0D6-4D18-9088-02A3321E8FCC\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16F59A04-14CF-49E2-9973-645477EA09DA\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836.\"}, {\"lang\": \"es\", \"value\": \"Se ha descubierto un problema en Leptonica hasta su versi\\u00f3n 1.75.3. La funci\\u00f3n gplotMakeOutput permite la inyecci\\u00f3n de comandos mediante un $(comando) en el argumento gplot rootname. Este problema existe debido a una soluci\\u00f3n incompleta para CVE-2018-3836.\"}]",
"id": "CVE-2018-7440",
"lastModified": "2024-11-21T04:12:08.410",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2018-02-23T21:29:00.600",
"references": "[{\"url\": \"https://github.com/DanBloomberg/leptonica/issues/303#issuecomment-366472212\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/03/msg00005.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202312-01\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://github.com/DanBloomberg/leptonica/issues/303#issuecomment-366472212\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/03/msg00005.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202312-01\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-7440\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-02-23T21:29:00.600\",\"lastModified\":\"2024-11-21T04:12:08.410\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto un problema en Leptonica hasta su versi\u00f3n 1.75.3. La funci\u00f3n gplotMakeOutput permite la inyecci\u00f3n de comandos mediante un $(comando) en el argumento gplot rootname. Este problema existe debido a una soluci\u00f3n incompleta para CVE-2018-3836.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":
\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:leptonica:leptonica:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.75.3\",\"matchCriteriaId\":\"F0DB527C-F0D6-4D18-9088-02A3321E8FCC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F59A04-14CF-49E2-9973-645477EA09DA\"}]}]}],\"references\":[{\"url\":\"https://github.com/DanBloomberg/leptonica/issues/303#issuecomment-366472212\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/03/msg00005.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202312-01\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/DanBloomberg/leptonica/issues/303#issuecomment-366472212\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/03/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202312-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Title
Vulnerability in the gplotMakeOutput function of the Leptonica image processing library that allows an attacker to execute an arbitrary command
Description
The vulnerability in the gplotMakeOutput function of the Leptonica image processing library is caused by insufficient sanitization of input data. Exploitation of the vulnerability may allow a remote attacker to execute an arbitrary command via the gplot rootname argument.
Severity
Vendor
Free software community
Software Name
Leptonica
Software Version
up to and including 1.75.3 (Leptonica)
Possible Mitigations
Update the software to a later version
Reference
https://github.com/DanBloomberg/leptonica/issues/303#issuecomment-366472212
https://lists.debian.org/debian-lts-announce/2018/03/msg00005.html
CWE
CWE-77
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 1.75.3 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Leptonica)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "15.02.2018",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "04.04.2018",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2018-00492",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-7440",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Leptonica",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux . 64-bit, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux . 32-bit",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 gplotMakeOutput \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0441 \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f\u043c\u0438 Leptonica, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u0443\u044e \u043a\u043e\u043c\u0430\u043d\u0434\u0443",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0447\u0438\u0441\u0442\u043a\u0435 \u0434\u0430\u043d\u043d\u044b\u0445 \u043d\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0449\u0435\u043c \u0443\u0440\u043e\u0432\u043d\u0435 (\u0412\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0443) (CWE-77)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 gplotMakeOutput \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0441 \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f\u043c\u0438 Leptonica \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043e\u0447\u0438\u0441\u0442\u043a\u043e\u0439 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u0443\u044e \u043a\u043e\u043c\u0430\u043d\u0434\u0443 \u043f\u0440\u0438 \u043f\u043e\u043c\u043e\u0449\u0438 \u0430\u0440\u0433\u0443\u043c\u0435\u043d\u0442\u0430 gplot rootname",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/DanBloomberg/leptonica/issues/303#issuecomment-366472212\nhttps://lists.debian.org/debian-lts-announce/2018/03/msg00005.html",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-77",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}
Title
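Leptonica 'gplotMakeOutput' function command injection vulnerability
Description
Leptonica is an open-source system for image processing and image analysis applications.
The 'gplotMakeOutput' function in Leptonica 1.75.3 and earlier has a security vulnerability. An attacker can exploit this vulnerability to inject commands.
Severity
High
Patch Name
Patch for the Leptonica 'gplotMakeOutput' function command injection vulnerability
Patch Description
Leptonica is an open-source system for image processing and image analysis applications.
The 'gplotMakeOutput' function in Leptonica 1.75.3 and earlier has a security vulnerability. An attacker can exploit this vulnerability to inject commands. The vendor has since released a security advisory and related patch information that fix this vulnerability.
Formal description
The vendor has released a fix for the vulnerability; please watch for updates: https://github.com/DanBloomberg/leptonica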
Reference
https://nvd.nist.gov/vuln/detail/CVE-2018-7440
Impacted products
| Name | Leptonica Leptonica <=1.75.3 |
|---|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-7440"
}
},
"description": "Leptonica\u662f\u4e00\u5957\u7528\u4e8e\u56fe\u50cf\u5904\u7406\u548c\u56fe\u50cf\u5206\u6790\u5e94\u7528\u7684\u5f00\u6e90\u7cfb\u7edf\u3002\r\n\r\nLeptonica 1.75.3\u53ca\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684\u0027gplotMakeOutput\u0027\u51fd\u6570\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u547d\u4ee4\u3002",
"discovererName": "ghost",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/DanBloomberg/leptonica",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-05842",
"openTime": "2018-03-21",
"patchDescription": "Leptonica\u662f\u4e00\u5957\u7528\u4e8e\u56fe\u50cf\u5904\u7406\u548c\u56fe\u50cf\u5206\u6790\u5e94\u7528\u7684\u5f00\u6e90\u7cfb\u7edf\u3002\r\n\r\nLeptonica 1.75.3\u53ca\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684\u0027gplotMakeOutput\u0027\u51fd\u6570\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Leptonica \u0027gplotMakeOutput\u0027\u51fd\u6570\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Leptonica Leptonica \u003c=1.75.3"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-7440",
"serverity": "\u9ad8",
"submitTime": "2018-02-24",
"title": "Leptonica \u0027gplotMakeOutput\u0027\u51fd\u6570\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}
FKIE_CVE-2018-7440
Vulnerability from fkie_nvd - Published: 2018-02-23 21:29 - Updated: 2026-06-17 02:03
Severity
Summary
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| leptonica | leptonica | * | |
| debian | debian_linux | 7.0 | |
{
"affected": [
{
"affectedData": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"source": "cve@mitre.org"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:leptonica:leptonica:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0DB527C-F0D6-4D18-9088-02A3321E8FCC",
"versionEndIncluding": "1.75.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Leptonica hasta su versi\u00f3n 1.75.3. La funci\u00f3n gplotMakeOutput permite la inyecci\u00f3n de comandos mediante un $(comando) en el argumento gplot rootname. Este problema existe debido a una soluci\u00f3n incompleta para CVE-2018-3836."
}
],
"id": "CVE-2018-7440",
"lastModified": "2026-06-17T02:03:07.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-23T21:29:00.600",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/DanBloomberg/leptonica/issues/303#issuecomment-366472212"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00005.html"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/202312-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/DanBloomberg/leptonica/issues/303#issuecomment-366472212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202312-01"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-X83X-C4XW-RR5G
Vulnerability from github – Published: 2022-05-13 01:53 – Updated: 2022-05-13 01:53
Details
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836.
Severity
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2018-7440"
],
"database_specific": {
"cwe_ids": [
"CWE-78"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-02-23T21:29:00Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836.",
"id": "GHSA-x83x-c4xw-rr5g",
"modified": "2022-05-13T01:53:22Z",
"published": "2022-05-13T01:53:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7440"
},
{
"type": "WEB",
"url": "https://github.com/DanBloomberg/leptonica/issues/303#issuecomment-366472212"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00005.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2018-7440
Vulnerability from gsd - Updated: 2023-12-13 01:22
Details
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836.
Aliases
{
"GSD": {
"alias": "CVE-2018-7440",
"description": "An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836.",
"id": "GSD-2018-7440",
"references": [
"https://www.suse.com/security/cve/CVE-2018-7440.html",
"https://advisories.mageia.org/CVE-2018-7440.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-7440"
],
"details": "An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836.",
"id": "GSD-2018-7440",
"modified": "2023-12-13T01:22:32.909910Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7440",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180307 [SECURITY] [DLA 1302-1] leptonlib security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00005.html"
},
{
"name": "https://github.com/DanBloomberg/leptonica/issues/303#issuecomment-366472212",
"refsource": "MISC",
"url": "https://github.com/DanBloomberg/leptonica/issues/303#issuecomment-366472212"
},
{
"name": "GLSA-202312-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202312-01"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:leptonica:leptonica:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0DB527C-F0D6-4D18-9088-02A3321E8FCC",
"versionEndIncluding": "1.75.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Leptonica hasta su versi\u00f3n 1.75.3. La funci\u00f3n gplotMakeOutput permite la inyecci\u00f3n de comandos mediante un $(comando) en el argumento gplot rootname. Este problema existe debido a una soluci\u00f3n incompleta para CVE-2018-3836."
}
],
"id": "CVE-2018-7440",
"lastModified": "2023-12-18T08:15:06.770",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-23T21:29:00.600",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/DanBloomberg/leptonica/issues/303#issuecomment-366472212"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00005.html"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/202312-01"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
OPENSUSE-SU-2024:10914-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00
Summary
leptonica-devel-1.80.0-1.9 on GA media
Severity
Moderate
Notes
Title of the patch: leptonica-devel-1.80.0-1.9 on GA media
Description of the patch: These are all security issues fixed in the leptonica-devel-1.80.0-1.9 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10914
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64 | — | | Vendor Fix |
Threats
Impact
low
7.8 (High)
Threats
Impact
important
9.8 (Critical)
Threats
Impact
critical
9.8 (Critical)
Threats
Impact
critical
9.8 (Critical)
Threats
Impact
critical
Threats
Impact
moderate
9.1 (Critical)
Threats
Impact
critical
References
26 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "leptonica-devel-1.80.0-1.9 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the leptonica-devel-1.80.0-1.9 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10914",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10914-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-18196 page",
"url": "https://www.suse.com/security/cve/CVE-2017-18196/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3836 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3836/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7186 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7247 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7247/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7440 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7440/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7441 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7441/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7442 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7442/"
}
],
"title": "leptonica-devel-1.80.0-1.9 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10914-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "leptonica-devel-1.80.0-1.9.aarch64",
"product": {
"name": "leptonica-devel-1.80.0-1.9.aarch64",
"product_id": "leptonica-devel-1.80.0-1.9.aarch64"
}
},
{
"category": "product_version",
"name": "leptonica-tools-1.80.0-1.9.aarch64",
"product": {
"name": "leptonica-tools-1.80.0-1.9.aarch64",
"product_id": "leptonica-tools-1.80.0-1.9.aarch64"
}
},
{
"category": "product_version",
"name": "liblept5-1.80.0-1.9.aarch64",
"product": {
"name": "liblept5-1.80.0-1.9.aarch64",
"product_id": "liblept5-1.80.0-1.9.aarch64"
}
},
{
"category": "product_version",
"name": "liblept5-32bit-1.80.0-1.9.aarch64",
"product": {
"name": "liblept5-32bit-1.80.0-1.9.aarch64",
"product_id": "liblept5-32bit-1.80.0-1.9.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "leptonica-devel-1.80.0-1.9.ppc64le",
"product": {
"name": "leptonica-devel-1.80.0-1.9.ppc64le",
"product_id": "leptonica-devel-1.80.0-1.9.ppc64le"
}
},
{
"category": "product_version",
"name": "leptonica-tools-1.80.0-1.9.ppc64le",
"product": {
"name": "leptonica-tools-1.80.0-1.9.ppc64le",
"product_id": "leptonica-tools-1.80.0-1.9.ppc64le"
}
},
{
"category": "product_version",
"name": "liblept5-1.80.0-1.9.ppc64le",
"product": {
"name": "liblept5-1.80.0-1.9.ppc64le",
"product_id": "liblept5-1.80.0-1.9.ppc64le"
}
},
{
"category": "product_version",
"name": "liblept5-32bit-1.80.0-1.9.ppc64le",
"product": {
"name": "liblept5-32bit-1.80.0-1.9.ppc64le",
"product_id": "liblept5-32bit-1.80.0-1.9.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "leptonica-devel-1.80.0-1.9.s390x",
"product": {
"name": "leptonica-devel-1.80.0-1.9.s390x",
"product_id": "leptonica-devel-1.80.0-1.9.s390x"
}
},
{
"category": "product_version",
"name": "leptonica-tools-1.80.0-1.9.s390x",
"product": {
"name": "leptonica-tools-1.80.0-1.9.s390x",
"product_id": "leptonica-tools-1.80.0-1.9.s390x"
}
},
{
"category": "product_version",
"name": "liblept5-1.80.0-1.9.s390x",
"product": {
"name": "liblept5-1.80.0-1.9.s390x",
"product_id": "liblept5-1.80.0-1.9.s390x"
}
},
{
"category": "product_version",
"name": "liblept5-32bit-1.80.0-1.9.s390x",
"product": {
"name": "liblept5-32bit-1.80.0-1.9.s390x",
"product_id": "liblept5-32bit-1.80.0-1.9.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "leptonica-devel-1.80.0-1.9.x86_64",
"product": {
"name": "leptonica-devel-1.80.0-1.9.x86_64",
"product_id": "leptonica-devel-1.80.0-1.9.x86_64"
}
},
{
"category": "product_version",
"name": "leptonica-tools-1.80.0-1.9.x86_64",
"product": {
"name": "leptonica-tools-1.80.0-1.9.x86_64",
"product_id": "leptonica-tools-1.80.0-1.9.x86_64"
}
},
{
"category": "product_version",
"name": "liblept5-1.80.0-1.9.x86_64",
"product": {
"name": "liblept5-1.80.0-1.9.x86_64",
"product_id": "liblept5-1.80.0-1.9.x86_64"
}
},
{
"category": "product_version",
"name": "liblept5-32bit-1.80.0-1.9.x86_64",
"product": {
"name": "liblept5-32bit-1.80.0-1.9.x86_64",
"product_id": "liblept5-32bit-1.80.0-1.9.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "leptonica-devel-1.80.0-1.9.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64"
},
"product_reference": "leptonica-devel-1.80.0-1.9.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "leptonica-devel-1.80.0-1.9.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le"
},
"product_reference": "leptonica-devel-1.80.0-1.9.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "leptonica-devel-1.80.0-1.9.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x"
},
"product_reference": "leptonica-devel-1.80.0-1.9.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "leptonica-devel-1.80.0-1.9.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64"
},
"product_reference": "leptonica-devel-1.80.0-1.9.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "leptonica-tools-1.80.0-1.9.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64"
},
"product_reference": "leptonica-tools-1.80.0-1.9.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "leptonica-tools-1.80.0-1.9.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le"
},
"product_reference": "leptonica-tools-1.80.0-1.9.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "leptonica-tools-1.80.0-1.9.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x"
},
"product_reference": "leptonica-tools-1.80.0-1.9.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "leptonica-tools-1.80.0-1.9.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64"
},
"product_reference": "leptonica-tools-1.80.0-1.9.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "liblept5-1.80.0-1.9.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64"
},
"product_reference": "liblept5-1.80.0-1.9.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "liblept5-1.80.0-1.9.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le"
},
"product_reference": "liblept5-1.80.0-1.9.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "liblept5-1.80.0-1.9.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x"
},
"product_reference": "liblept5-1.80.0-1.9.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "liblept5-1.80.0-1.9.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64"
},
"product_reference": "liblept5-1.80.0-1.9.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "liblept5-32bit-1.80.0-1.9.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64"
},
"product_reference": "liblept5-32bit-1.80.0-1.9.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "liblept5-32bit-1.80.0-1.9.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le"
},
"product_reference": "liblept5-32bit-1.80.0-1.9.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "liblept5-32bit-1.80.0-1.9.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x"
},
"product_reference": "liblept5-32bit-1.80.0-1.9.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "liblept5-32bit-1.80.0-1.9.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
},
"product_reference": "liblept5-32bit-1.80.0-1.9.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-18196",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-18196"
}
],
"notes": [
{
"category": "general",
"text": "Leptonica 1.74.4 constructs unintended pathnames (containing duplicated path components) when operating on files in /tmp subdirectories, which might allow local users to bypass intended file restrictions by leveraging access to a directory located deeper within the /tmp directory tree, as demonstrated by /tmp/ANY/PATH/ANY/PATH/input.tif.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-18196",
"url": "https://www.suse.com/security/cve/CVE-2017-18196"
},
{
"category": "external",
"summary": "SUSE Bug 1082843 for CVE-2017-18196",
"url": "https://bugzilla.suse.com/1082843"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2017-18196"
},
{
"cve": "CVE-2018-3836",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3836"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that passes attacker data to this function to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3836",
"url": "https://www.suse.com/security/cve/CVE-2018-3836"
},
{
"category": "external",
"summary": "SUSE Bug 1079358 for CVE-2018-3836",
"url": "https://bugzilla.suse.com/1079358"
},
{
"category": "external",
"summary": "SUSE Bug 1082747 for CVE-2018-3836",
"url": "https://bugzilla.suse.com/1082747"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-3836"
},
{
"cve": "CVE-2018-7186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7186"
}
],
"notes": [
{
"category": "general",
"text": "Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7186",
"url": "https://www.suse.com/security/cve/CVE-2018-7186"
},
{
"category": "external",
"summary": "SUSE Bug 1081576 for CVE-2018-7186",
"url": "https://bugzilla.suse.com/1081576"
},
{
"category": "external",
"summary": "SUSE Bug 1081631 for CVE-2018-7186",
"url": "https://bugzilla.suse.com/1081631"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-7186"
},
{
"cve": "CVE-2018-7247",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7247"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica before 1.75.3. Unsanitized input (rootname) can overflow a buffer, leading potentially to arbitrary code execution or possibly unspecified other impact.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7247",
"url": "https://www.suse.com/security/cve/CVE-2018-7247"
},
{
"category": "external",
"summary": "SUSE Bug 1081631 for CVE-2018-7247",
"url": "https://bugzilla.suse.com/1081631"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-7247"
},
{
"cve": "CVE-2018-7440",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7440"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7440",
"url": "https://www.suse.com/security/cve/CVE-2018-7440"
},
{
"category": "external",
"summary": "SUSE Bug 1079358 for CVE-2018-7440",
"url": "https://bugzilla.suse.com/1079358"
},
{
"category": "external",
"summary": "SUSE Bug 1082747 for CVE-2018-7440",
"url": "https://bugzilla.suse.com/1082747"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-7440"
},
{
"cve": "CVE-2018-7441",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7441"
}
],
"notes": [
{
"category": "general",
"text": "Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junk_split_image.ps in prog/splitimage2pdf.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7441",
"url": "https://www.suse.com/security/cve/CVE-2018-7441"
},
{
"category": "external",
"summary": "SUSE Bug 1082749 for CVE-2018-7441",
"url": "https://bugzilla.suse.com/1082749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-7441"
},
{
"cve": "CVE-2018-7442",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7442"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block \u0027/\u0027 characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7442",
"url": "https://www.suse.com/security/cve/CVE-2018-7442"
},
{
"category": "external",
"summary": "SUSE Bug 1082748 for CVE-2018-7442",
"url": "https://bugzilla.suse.com/1082748"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-devel-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:leptonica-tools-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-1.80.0-1.9.x86_64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.aarch64",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.ppc64le",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.s390x",
"openSUSE Tumbleweed:liblept5-32bit-1.80.0-1.9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-7442"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.