CVE-2017-18196
LOWleptonica 1.74.4 - Path Traversal via /tmp Subdirectory
Title source: llmDescription
Leptonica 1.74.4 constructs unintended pathnames (containing duplicated path components) when operating on files in /tmp subdirectories, which might allow local users to bypass intended file restrictions by leveraging access to a directory located deeper within the /tmp directory tree, as demonstrated by /tmp/ANY/PATH/ANY/PATH/input.tif.
References (2)
Core 2
Core References
Mailing List, Third Party Advisory
https://bugs.debian.org/885704
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202312-01
Scores
CVSS v3
3.3
EPSS
0.0042
EPSS Percentile
34.1%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (1)
leptonica/leptonica
1.74.4
Published
Feb 23, 2018
Tracked Since
Feb 18, 2026