SB2023122236 - Gentoo update for Leptonica



SB2023122236 - Gentoo update for Leptonica

Published: December 22, 2023

Security Bulletin ID SB2023122236
CSH Severity
High
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 29% Medium 14% Low 57%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 vulnerabilities.


1) Path traversal (CVE-ID: CVE-2017-18196)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to improper security restrictions. A local attacker can access a directory in the /tmp directory tree and gain access to potentially sensitive information, including arbitrary files.

2) Stack-based buffer overflow (CVE-ID: CVE-2018-7186)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists in the gplotRead and ptaReadStream functions due to stack-based buffer overflow. A remote attacker can trigger memory corruption and cause the service to crash.

3) Buffer overflow (CVE-ID: CVE-2018-7247)

CWE-ID: CWE-120 - Buffer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote unauthenticated attacker to execute arbitrary code on the target system.

The weakness exists in the pixHtmlViewer function due to buffer overflow. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may result in system compromise.

4) Command injection (CVE-ID: CVE-2018-7440)

CWE-ID: CWE-77 - Command injection

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote unauthenticated attacker to execute arbitrary code on the target system.

The weakness exists in the gplotMakeOutput function due to insufficient validation of commands used in the gplot rootname argument. A remote attacker can execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

5) Race condition (CVE-ID: CVE-2018-7441)

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local attacker to overwrite arbitrary files on the target system.

The weakness exists due to hardcoded /tmp pathnames. A local attacker can create a file in advance, trigger race condition and overwrite arbitrary files.

6) Path traversal (CVE-ID: CVE-2018-7442)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote unauthenticated attacker to conduct path traversal attack on the target system.

The weakness exists in the gplotMakeOutput function due to insufficient validation of characters used in the gplot rootname argument. A remote attacker can trigger path traversal and gain access to potentially sensitive information.

7) Division by zero (CVE-ID: CVE-2022-38266)

CWE-ID: CWE-369 - Divide By Zero

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a divide by zero error within the blocksumLow() function in convolve.c. A remote attacker can pass a specially crafted JPEG image to the application and crash it.


Remediation

Install update from vendor's website.