Leptonica 1.74.4 constructs unintended pathnames (containing duplicated path components) when operating on files in /tmp subdirectories, which might allow local users to bypass intended file restrictions by leveraging access to a directory located deeper within the /tmp directory tree, as demonstrated by /tmp/ANY/PATH/ANY/PATH/input.tif.
References
Link | Resource |
---|---|
https://bugs.debian.org/885704 | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/202312-01 |
Configurations
History
18 Dec 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2018-02-23 21:29
Updated : 2024-02-28 16:25
NVD link : CVE-2017-18196
Mitre link : CVE-2017-18196
CVE.ORG link : CVE-2017-18196
JSON object : View
Products Affected
leptonica
- leptonica
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')