Candidate: CVE-2018-7247
PublicDate: 2018-02-19 18:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7247
 https://github.com/DanBloomberg/leptonica/commit/c1079bb8e77cdd426759e466729917ca37a3ed9f
Description:
 An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica
 before 1.75.3. Unsanitized input (rootname) can overflow a buffer, leading
 potentially to arbitrary code execution or possibly unspecified other
 impact.
Ubuntu-Description:
 It was discovered tha Leptonica incorrectly handled certain image files. An
 attacker could possibly use this issue to execute arbitrary code or other
 unspecified impact.
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_leptonlib:
upstream_leptonlib: needs-triage
precise/esm_leptonlib: DNE
trusty_leptonlib: not-affected (code not present)
trusty/esm_leptonlib: not-affected (code not present)
xenial_leptonlib: not-affected (code not present)
artful_leptonlib: ignored (reached end-of-life)
bionic_leptonlib: needed
cosmic_leptonlib: released (1.76.0-1)
disco_leptonlib: released (1.76.0-1)
eoan_leptonlib: released (1.76.0-1)
focal_leptonlib: released (1.76.0-1)
groovy_leptonlib: released (1.76.0-1)
hirsute_leptonlib: released (1.76.0-1)
impish_leptonlib: released (1.76.0-1)
jammy_leptonlib: released (1.76.0-1)
devel_leptonlib: released (1.76.0-1)