Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Leptonica
(Leptonica)| Repositories | https://github.com/DanBloomberg/leptonica |
| #Vulnerabilities | 13 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-03-12 | CVE-2020-36280 | Leptonica before 1.80.0 allows a heap-based buffer over-read in pixReadFromTiffStream, related to tiffio.c. | Fedora, Leptonica | 7.5 | ||
| 2021-03-12 | CVE-2020-36281 | Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c. | Debian_linux, Fedora, Leptonica | 7.5 | ||
| 2018-04-24 | CVE-2018-3836 | An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that passes attacker data to this function to trigger this vulnerability. | Debian_linux, Leptonica | 7.8 |