CVE-2018-7441

Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junk_split_image.ps in prog/splitimage2pdf.c.
Race Condition
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7 HIGH
LOCAL
HIGH
LOW
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
VendorProductVersion
leptonicaleptonica
𝑥
≤ 1.75.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
leptonlib
bullseye
1.79.0-1.1+deb11u1
fixed
bookworm
1.82.0-3
fixed
sid
1.84.1-4
fixed
trixie
1.84.1-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
leptonlib
noble
Fixed 1.76.0-1
released
mantic
Fixed 1.76.0-1
released
lunar
Fixed 1.76.0-1
released
kinetic
Fixed 1.76.0-1
released
jammy
Fixed 1.76.0-1
released
impish
Fixed 1.76.0-1
released
hirsute
Fixed 1.76.0-1
released
groovy
Fixed 1.76.0-1
released
focal
Fixed 1.76.0-1
released
eoan
Fixed 1.76.0-1
released
disco
Fixed 1.76.0-1
released
cosmic
Fixed 1.76.0-1
released
bionic
needed
artful
ignored
xenial
needed
trusty
needed
Common Weakness Enumeration
References
https://lists.debian.org/debian-lts/2018/02/msg00054.html
https://security.gentoo.org/glsa/202312-01
https://lists.debian.org/debian-lts/2018/02/msg00054.html
https://security.gentoo.org/glsa/202312-01