DescriptionLeptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/ in prog/splitimage2pdf.c.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
leptonlib (PTS)buster1.76.0-1+deb10u1fixed
buster (security)1.76.0-1+deb10u2fixed
sid, trixie, bookworm1.82.0-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs

Not neutralised by kernel hardening, because subdirectories of /tmp are not hardened
The patch requires CVE-2018-7442 patch as underlying infrastructure.
The patch deactivates debugging functions by default and thus changes behaviour.

Search for package or bug name: Reporting problems