Candidate: CVE-2018-7186
PublicDate: 2018-02-16 16:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7186
 https://github.com/DanBloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a
 https://bugs.debian.org/890548
 https://lists.debian.org/debian-lts/2018/02/msg00054.html
Description:
 Leptonica before 1.75.3 does not limit the number of characters in a %s
 format argument to fscanf or sscanf, which allows remote attackers to cause
 a denial of service (stack-based buffer overflow) or possibly have
 unspecified other impact via a long string, as demonstrated by the
 gplotRead and ptaReadStream functions.
Ubuntu-Description:
 It was discovered that Leptonica incorrectly handled input arguments. An
 attacker could possibly use this issue to cause a denial of service or
 other unspecified impact.
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890548
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_leptonlib:
upstream_leptonlib: needs-triage
precise/esm_leptonlib: DNE
trusty_leptonlib: ignored (out of standard support)
trusty/esm_leptonlib: needed
xenial_leptonlib: ignored (end of standard support, was needed)
artful_leptonlib: ignored (reached end-of-life)
bionic_leptonlib: not-affected (1.75.3-2)
cosmic_leptonlib: not-affected (1.75.3-2)
disco_leptonlib: not-affected (1.75.3-2)
eoan_leptonlib: not-affected (1.75.3-2)
focal_leptonlib: not-affected (1.75.3-2)
groovy_leptonlib: not-affected (1.75.3-2)
hirsute_leptonlib: not-affected (1.75.3-2)
impish_leptonlib: not-affected (1.75.3-2)
jammy_leptonlib: not-affected (1.75.3-2)
devel_leptonlib: not-affected (1.75.3-2)