Peter Marschall

Name of the Vulnerable Software and Affected Versions: Leptonica version 1.74.4 Description: The issue allows local users to potentially bypass intended file restrictions by exploiting access to a directory located deeper within the /tmp directory tree. This can occur when Leptonica operates on files in /tmp subdirectories and constructs unintended pathnames containing duplicated path components. Recommendations: For Leptonica version 1.74.4, consider restricting access to /tmp subdirectories to minimize the risk of exploitation until a patch is available. Avoid using Leptonica to operate on files in /tmp subdirectories until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.