Note:
This project will be discontinued after December 13, 2021. [more]
2018-02-23
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite.
| Products | Leptonica |
| Type | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://security.gentoo.org/glsa/202312-01
• https://lists.debian.org/debian-lts/2018/02/msg00086.html |