CVE-2018-7441

Priority
Description
Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow
local users to overwrite arbitrary files or have unspecified other impact
by creating files in advance or winning a race condition, as demonstrated
by /tmp/junk_split_image.ps in prog/splitimage2pdf.c.
Notes
ebarrettoNeutralised by kernel hardening
https://lists.debian.org/debian-lts/2018/02/msg00054.html
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 19.10 (Eoan Ermine):released (1.76.0-1)
Ubuntu 20.04 (Focal Fossa):released (1.76.0-1)
More Information

Updated: 2020-01-29 18:55:49 UTC (commit 40f18bf14da5fb50662e1f861ea594a462b207fe)