CVE-2017-18196
Last modified
CVE-2017-18196 is a vulnerability of currently unknown severity. Leptonica 1.74.4 constructs unintended pathnames (containing duplicated path components) when operating on files in /tmp subdirectories, which might allow local users to bypass intended file restrictions by leveraging access to a directory located deeper within the /tmp directory tree, as demonstrated by /tmp/ANY/PATH/ANY/PATH/input.tif.. EPSS estimates a 0.43% chance of exploitation in the next 30 days.
Description
Leptonica 1.74.4 constructs unintended pathnames (containing duplicated path components) when operating on files in /tmp subdirectories, which might allow local users to bypass intended file restrictions by leveraging access to a directory located deeper within the /tmp directory tree, as demonstrated by /tmp/ANY/PATH/ANY/PATH/input.tif.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Leptonica | Leptonica | 1.74.4 |
References
- https://bugs.debian.org/885704Mailing List, Third Party Advisory
- https://bugs.debian.org/885704Mailing List, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-18196?
How severe is CVE-2017-18196?
How do I fix CVE-2017-18196?
Are you affected by CVE-2017-18196?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST