PT-2018-18075 · Dan Bloomberg+1 · Leptonica+1

Published 2018-02-23 · Updated 2024-12-19 · CVE-2018-7442

CVSS v3.1: 9.1 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Leptonica versions prior to 1.75.4

Description

An issue was discovered where the gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite.

Recommendations

For versions prior to 1.75.4, update to version 1.75.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the gplotMakeOutput function to minimize the risk of exploitation.
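
For applications that cannot upgrade immediately and derive the gplot rootname from untrusted input, the following added example (not Leptonica code and not part of this advisory) shows a caller-side check that rejects '/' and, going beyond the description, accepts only a single conservative filename component. The function name rootname_is_safe, the ROOTNAME_MAX limit and the allowed character set are assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ROOTNAME_MAX 64  /* assumed length limit for this example */

/* Allowlist: ASCII letters, digits, '_', '-' and '.'.
 * '/' and '\\' are excluded, so no directory component can appear. */
static bool allowed_char(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '_' || c == '-' || c == '.';
}

/* Hypothetical caller-side guard (not a Leptonica function): returns true
 * only if an untrusted string is acceptable as a bare rootname. */
bool rootname_is_safe(const char *rootname)
{
    if (rootname == NULL)
        return false;
    size_t len = strlen(rootname);
    if (len == 0 || len > ROOTNAME_MAX)
        return false;
    if (rootname[0] == '.')          /* rejects ".", ".." and dotfiles */
        return false;
    for (size_t i = 0; i < len; i++)
        if (!allowed_char((unsigned char)rootname[i]))
            return false;
    return true;
}

int main(void)
{
    /* Constructed sample inputs, not taken from the advisory. */
    const char *samples[] = { "plot1", "run-2.hist_a", "../outside",
                              "/tmp/out", "sub/plot", "..", "" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-14s %s\n", samples[i],
               rootname_is_safe(samples[i]) ? "accept" : "reject");
    return 0;
}
```

Call the check before the value reaches the gplot rootname argument and refuse the request when it returns false.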

Fix

Path traversal

Weakness Enumeration

Related Identifiers

ALT-PU-2021-3559
ALT-PU-2022-1147
ALT-PU-2024-16902
CVE-2018-7442
MGASA-2018-0279
OPENSUSE-SU-2024:10914-1

Affected Products

Alt Linux
Leptonica