Описание
An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that passes attacker data to this function to trigger this vulnerability.
Ссылки
- Mailing ListThird Party Advisory
- ExploitThird Party Advisory
- Mailing ListThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
EPSS
7 High
CVSS3
7.8 High
CVSS3
7.2 High
CVSS2
Дефекты
Связанные уязвимости
An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that passes attacker data to this function to trigger this vulnerability.
An exploitable command injection vulnerability exists in the gplotMake ...
An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that passes attacker data to this function to trigger this vulnerability.
EPSS
7 High
CVSS3
7.8 High
CVSS3
7.2 High
CVSS2