CVE-2018-7247

An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica before 1.75.3. Unsanitized input (rootname) can overflow a buffer, leading potentially to arbitrary code execution or possibly unspecified other impact.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
leptonicaleptonica
𝑥
< 1.75.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
leptonlib
bullseye
1.79.0-1.1+deb11u1
fixed
bookworm
1.82.0-3
fixed
sid
1.84.1-4
fixed
trixie
1.84.1-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
leptonlib
lunar
Fixed 1.76.0-1
released
kinetic
Fixed 1.76.0-1
released
jammy
Fixed 1.76.0-1
released
impish
Fixed 1.76.0-1
released
hirsute
Fixed 1.76.0-1
released
groovy
Fixed 1.76.0-1
released
focal
Fixed 1.76.0-1
released
eoan
Fixed 1.76.0-1
released
disco
Fixed 1.76.0-1
released
cosmic
Fixed 1.76.0-1
released
bionic
Fixed 1.75.3-3ubuntu0.1~esm1
released
artful
ignored
xenial
not-affected
trusty
not-affected
Common Weakness Enumeration
References
https://github.com/DanBloomberg/leptonica/commit/c1079bb8e77cdd426759e466729917ca37a3ed9f
https://security.gentoo.org/glsa/202312-01
https://github.com/DanBloomberg/leptonica/commit/c1079bb8e77cdd426759e466729917ca37a3ed9f
https://security.gentoo.org/glsa/202312-01