PT-2020-6984 · Tesseract+3

Published 2020-07-15 · Updated 2024-12-19 · CVE-2022-38266

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Leptonica version 1.79.0
Tesseract version 5.0.0

Description

The issue in the Leptonica library is a missing check for division by zero, which allows a remote attacker to cause a Denial of Service (DoS) using a specially crafted JPEG file. This can lead to an arithmetic exception. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations

For Leptonica version 1.79.0, update to a version that includes a fix for the division by zero check. For Tesseract version 5.0.0, consider disabling the use of the Leptonica library until a patch is available. As a temporary workaround, avoid using the Leptonica library to process JPEG files until the issue is resolved.

Exploit

Fix

DoS

Divide By Zero

Weakness Enumeration

Related Identifiers

ALT-PU-2021-3559
ALT-PU-2022-1147
ALT-PU-2024-16902
BDU:2024-07356
CVE-2022-38266
DLA-3233-1
MGASA-2022-0472
OESA-2023-1134
ROSA-SA-2023-2178

Affected Products

Alt Linux
Astra Linux
Leptonica
Tesseract