PT-2018-1097 · Leptonica+2 · Leptonica+2

Ben Hutchings

·

Publicado

2018-02-14

·

Atualizado

2024-12-19

·

CVE-2018-7186

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Leptonica versions prior to 1.75.3
Description The issue is related to the gplotRead and ptaReadStream functions in the Leptonica library, which does not limit the number of characters in a %s format argument to fscanf or sscanf. This allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string.
Recommendations For versions prior to 1.75.3, update to version 1.75.3 or later to resolve the issue. As a temporary workaround, consider restricting the input to the gplotRead and ptaReadStream functions to prevent the use of long strings that could cause a stack-based buffer overflow.

Correção

DoS

Buffer Overflow

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119CWE-787

Identificadores relacionados

ALT-PU-2021-3559
ALT-PU-2022-1147
ALT-PU-2024-16902
BDU:2018-00494
CVE-2018-7186
DLA-1302-1
MGASA-2018-0175
OPENSUSE-SU-2024:10914-1
USN-4819-1

Produtos afetados

Alt Linux
Leptonica
Ubuntu