Dan Bloomberg

6 exploits Active since Feb 2018
CVE-2018-7186 WRITEUP CRITICAL WRITEUP
leptonica < 1.75.3 - Stack-Based Buffer Overflow via Long Format String Argument
Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions.
CVSS 9.8
CVE-2020-36278 WRITEUP HIGH WRITEUP
leptonica < 1.80.0 - Heap-Based Buffer Over-Read in findNextBorderPixel
Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c.
CVSS 7.5
CVE-2020-36279 WRITEUP HIGH WRITEUP
leptonica < 1.80.0 - Heap-Based Buffer Over-Read in rasteropGeneralLow
Leptonica before 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c.
CVSS 7.5
CVE-2020-36280 WRITEUP HIGH WRITEUP
leptonica < 1.80.0 - Heap-Based Buffer Over-Read in pixReadFromTiffStream
Leptonica before 1.80.0 allows a heap-based buffer over-read in pixReadFromTiffStream, related to tiffio.c.
CVSS 7.5
CVE-2020-36281 WRITEUP HIGH WRITEUP
leptonica < 1.80.0 - Heap-Based Buffer Over-Read in pixFewColorsOctcubeQuantMixed
Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c.
CVSS 7.5
CVE-2022-38266 WRITEUP MEDIUM WRITEUP
Leptonica v1.79.0 - DoS
An issue in the Leptonica linked library (v1.79.0) allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file.
CVSS 6.5