Path traversal in Leptonica - CVE-2018-7442
Published: March 21, 2018 / Updated: December 22, 2023
Vulnerability identifier: #VU11189
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-7442
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: DanBloomberg
Affected software:
Leptonica
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to conduct a path traversal attack on the target system.
The weakness exists in the gplotMakeOutput function due to insufficient validation of characters used in the gplot rootname argument. A remote attacker can trigger path traversal and gain access to potentially sensitive information.
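One way to validate a rootname-style argument before it is used to build file names, given here as an added example that is not Leptonica's code or the vendor's fix. The function name rootname_is_safe, the character allowlist, the length limit and the choice to permit relative subdirectories are all assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical helper, not Leptonica's code. Assumed policy: a rootname may
 * point into a relative subdirectory, but only with characters from a small
 * allowlist, never as an absolute path and never with a ".." component. */
#define ROOTNAME_MAX 256  /* assumed length limit */

static bool allowed_char(char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '_' || c == '-' ||
           c == '.' || c == '/';
}

bool rootname_is_safe(const char *rootname)
{
    if (rootname == NULL)
        return false;
    size_t len = strlen(rootname);
    if (len == 0 || len >= ROOTNAME_MAX)
        return false;
    if (rootname[0] == '/')                 /* absolute path */
        return false;

    const char *comp = rootname;            /* start of current component */
    for (size_t i = 0; i <= len; i++) {
        char c = rootname[i];
        if (c == '/' || c == '\0') {
            size_t clen = (size_t)(&rootname[i] - comp);
            if (clen == 0)                  /* "a//b" or a trailing '/' */
                return false;
            if (clen == 2 && comp[0] == '.' && comp[1] == '.')
                return false;               /* ".." climbs out of the base */
            comp = &rootname[i + 1];
        } else if (!allowed_char(c)) {
            return false;                   /* shell metacharacters, spaces, ... */
        }
    }
    return true;
}
```

A caller would reject the request when the check fails instead of trying to strip or rewrite the offending characters.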
How to mitigate CVE-2018-7442
Install the update from the vendor's website.