Описание
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | released | 1.75.3-3 |
| cosmic | not-affected | 1.75.3-3 |
| devel | not-affected | 1.75.3-3 |
| disco | not-affected | 1.75.3-3 |
| eoan | not-affected | 1.75.3-3 |
| esm-apps/bionic | released | 1.75.3-3 |
| esm-apps/focal | not-affected | 1.75.3-3 |
| esm-apps/jammy | not-affected | 1.75.3-3 |
| esm-apps/noble | not-affected | 1.75.3-3 |
Показывать по
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836.
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutp ...
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836.
Уязвимость функции gplotMakeOutput библиотеки для работы с изображениями Leptonica, позволяющая нарушителю выполнить произвольную команду
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3