Main Vulnerability Database SB2018121917

SB2018121917 - Fedora 28 update for leptonica, mingw-leptonica

Published: December 19, 2018 Updated: April 24, 2025

Security Bulletin ID SB2018121917

Severity

Low

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Path traversal (CVE-ID: CVE-2018-7442)

The vulnerability allows a remote unauthenticated attacker to conduct path traversal attack on the target system.

The weakness exists in the gplotMakeOutput function due to insufficient validation of characters used in the gplot rootname argument. A remote attacker can trigger path traversal and gain access to potentially sensitive information.

2) Race condition (CVE-ID: CVE-2018-7441)

The vulnerability allows a local attacker to overwrite arbitrary files on the target system.

The weakness exists due to hardcoded /tmp pathnames. A local attacker can create a file in advance, trigger race condition and overwrite arbitrary files.

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-2018-93a16d053f

SB2018121917 - Fedora 28 update for leptonica, mingw-leptonica

Breakdown by Severity

Description

Remediation

References

Please verify you're human