Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/leptonlib@1.37-1
Type deb
Namespace debian
Name leptonlib
Version 1.37-1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.79.0-1.1+deb11u1
Latest_non_vulnerable_version 1.79.0-1.1+deb11u1
Affected_by_vulnerabilities
0
url VCID-1rnj-xbph-afd9
vulnerability_id VCID-1rnj-xbph-afd9
summary An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-7442
reference_id
reference_type
scores
0
value 0.00204
scoring_system epss
scoring_elements 0.42347
published_at 2026-06-04T12:55:00Z
1
value 0.00204
scoring_system epss
scoring_elements 0.42422
published_at 2026-06-05T12:55:00Z
2
value 0.00204
scoring_system epss
scoring_elements 0.42433
published_at 2026-06-06T12:55:00Z
3
value 0.00204
scoring_system epss
scoring_elements 0.42406
published_at 2026-06-07T12:55:00Z
4
value 0.00204
scoring_system epss
scoring_elements 0.42372
published_at 2026-06-08T12:55:00Z
5
value 0.00204
scoring_system epss
scoring_elements 0.42382
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-7442
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7442
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7442
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898439
reference_id 898439
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898439
3
reference_url https://security.gentoo.org/glsa/202312-01
reference_id GLSA-202312-01
reference_type
scores
url https://security.gentoo.org/glsa/202312-01
fixed_packages
0
url pkg:deb/debian/leptonlib@1.76.0-1%2Bdeb10u1
purl pkg:deb/debian/leptonlib@1.76.0-1%2Bdeb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9ntb-5c2a-8uhy
1
vulnerability VCID-a2de-6vw3-suey
2
vulnerability VCID-f6m7-jffv-n7b2
3
vulnerability VCID-g5x5-uxdq-gfbt
4
vulnerability VCID-hh6e-vnn6-vug2
5
vulnerability VCID-m6qf-9k8h-y3fy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/leptonlib@1.76.0-1%252Bdeb10u1
aliases CVE-2018-7442
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1rnj-xbph-afd9
1
url VCID-58uu-hzmb-gkdf
vulnerability_id VCID-58uu-hzmb-gkdf
summary An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-7440
reference_id
reference_type
scores
0
value 0.01791
scoring_system epss
scoring_elements 0.83093
published_at 2026-06-04T12:55:00Z
1
value 0.01791
scoring_system epss
scoring_elements 0.8312
published_at 2026-06-06T12:55:00Z
2
value 0.01791
scoring_system epss
scoring_elements 0.83116
published_at 2026-06-07T12:55:00Z
3
value 0.01791
scoring_system epss
scoring_elements 0.83109
published_at 2026-06-08T12:55:00Z
4
value 0.01791
scoring_system epss
scoring_elements 0.83121
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-7440
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7440
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7440
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891932
reference_id 891932
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891932
3
reference_url https://security.gentoo.org/glsa/202312-01
reference_id GLSA-202312-01
reference_type
scores
url https://security.gentoo.org/glsa/202312-01
fixed_packages
0
url pkg:deb/debian/leptonlib@1.76.0-1%2Bdeb10u1
purl pkg:deb/debian/leptonlib@1.76.0-1%2Bdeb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9ntb-5c2a-8uhy
1
vulnerability VCID-a2de-6vw3-suey
2
vulnerability VCID-f6m7-jffv-n7b2
3
vulnerability VCID-g5x5-uxdq-gfbt
4
vulnerability VCID-hh6e-vnn6-vug2
5
vulnerability VCID-m6qf-9k8h-y3fy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/leptonlib@1.76.0-1%252Bdeb10u1
aliases CVE-2018-7440
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-58uu-hzmb-gkdf
2
url VCID-9ntb-5c2a-8uhy
vulnerability_id VCID-9ntb-5c2a-8uhy
summary
Out-of-bounds Read
Leptonica allows a heap-based buffer over-read in `pixReadFromTiffStream`, related to `tiffio.c`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-36280
reference_id
reference_type
scores
0
value 0.0175
scoring_system epss
scoring_elements 0.82903
published_at 2026-06-04T12:55:00Z
1
value 0.0175
scoring_system epss
scoring_elements 0.8293
published_at 2026-06-05T12:55:00Z
2
value 0.0175
scoring_system epss
scoring_elements 0.82929
published_at 2026-06-06T12:55:00Z
3
value 0.0175
scoring_system epss
scoring_elements 0.82926
published_at 2026-06-07T12:55:00Z
4
value 0.0175
scoring_system epss
scoring_elements 0.82918
published_at 2026-06-08T12:55:00Z
5
value 0.0175
scoring_system epss
scoring_elements 0.82931
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-36280
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36280
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36280
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985089
reference_id 985089
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985089
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36280
reference_id CVE-2020-36280
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-36280
4
reference_url https://security.gentoo.org/glsa/202107-53
reference_id GLSA-202107-53
reference_type
scores
url https://security.gentoo.org/glsa/202107-53
fixed_packages
0
url pkg:deb/debian/leptonlib@1.79.0-1.1%2Bdeb11u1
purl pkg:deb/debian/leptonlib@1.79.0-1.1%2Bdeb11u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/leptonlib@1.79.0-1.1%252Bdeb11u1
aliases CVE-2020-36280
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9ntb-5c2a-8uhy
3
url VCID-a2de-6vw3-suey
vulnerability_id VCID-a2de-6vw3-suey
summary An issue in the Leptonica linked library (v1.79.0) allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38266.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38266.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-38266
reference_id
reference_type
scores
0
value 0.00308
scoring_system epss
scoring_elements 0.54261
published_at 2026-06-04T12:55:00Z
1
value 0.00308
scoring_system epss
scoring_elements 0.54318
published_at 2026-06-05T12:55:00Z
2
value 0.00308
scoring_system epss
scoring_elements 0.54327
published_at 2026-06-06T12:55:00Z
3
value 0.00308
scoring_system epss
scoring_elements 0.54315
published_at 2026-06-07T12:55:00Z
4
value 0.00308
scoring_system epss
scoring_elements 0.54293
published_at 2026-06-08T12:55:00Z
5
value 0.00308
scoring_system epss
scoring_elements 0.54314
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-38266
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38266
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38266
3
reference_url https://github.com/DanBloomberg/leptonica/commit/f062b42c0ea8dddebdc6a152fd16152de215d614
reference_id
reference_type
scores
url https://github.com/DanBloomberg/leptonica/commit/f062b42c0ea8dddebdc6a152fd16152de215d614
4
reference_url https://github.com/tesseract-ocr/tesseract/issues/3498
reference_id
reference_type
scores
url https://github.com/tesseract-ocr/tesseract/issues/3498
5
reference_url https://lists.debian.org/debian-lts-announce/2022/12/msg00018.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2022/12/msg00018.html
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2132556
reference_id 2132556
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2132556
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-38266
reference_id CVE-2022-38266
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-38266
8
reference_url https://security.gentoo.org/glsa/202312-01
reference_id GLSA-202312-01
reference_type
scores
url https://security.gentoo.org/glsa/202312-01
fixed_packages
0
url pkg:deb/debian/leptonlib@1.79.0-1.1%2Bdeb11u1
purl pkg:deb/debian/leptonlib@1.79.0-1.1%2Bdeb11u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/leptonlib@1.79.0-1.1%252Bdeb11u1
aliases CVE-2022-38266
risk_score 2.5
exploitability 0.5
weighted_severity 5.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a2de-6vw3-suey
4
url VCID-ad8n-e81g-v7eb
vulnerability_id VCID-ad8n-e81g-v7eb
summary An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that passes attacker data to this function to trigger this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-3836
reference_id
reference_type
scores
0
value 0.00133
scoring_system epss
scoring_elements 0.32396
published_at 2026-06-04T12:55:00Z
1
value 0.00133
scoring_system epss
scoring_elements 0.32468
published_at 2026-06-05T12:55:00Z
2
value 0.00133
scoring_system epss
scoring_elements 0.32436
published_at 2026-06-06T12:55:00Z
3
value 0.00133
scoring_system epss
scoring_elements 0.32397
published_at 2026-06-07T12:55:00Z
4
value 0.00133
scoring_system epss
scoring_elements 0.32368
published_at 2026-06-08T12:55:00Z
5
value 0.00133
scoring_system epss
scoring_elements 0.3239
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-3836
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3836
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3836
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889759
reference_id 889759
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889759
3
reference_url https://usn.ubuntu.com/USN-4819-1/
reference_id USN-USN-4819-1
reference_type
scores
url https://usn.ubuntu.com/USN-4819-1/
fixed_packages
0
url pkg:deb/debian/leptonlib@1.76.0-1%2Bdeb10u1
purl pkg:deb/debian/leptonlib@1.76.0-1%2Bdeb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9ntb-5c2a-8uhy
1
vulnerability VCID-a2de-6vw3-suey
2
vulnerability VCID-f6m7-jffv-n7b2
3
vulnerability VCID-g5x5-uxdq-gfbt
4
vulnerability VCID-hh6e-vnn6-vug2
5
vulnerability VCID-m6qf-9k8h-y3fy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/leptonlib@1.76.0-1%252Bdeb10u1
aliases CVE-2018-3836
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ad8n-e81g-v7eb
5
url VCID-ey2r-cgfc-rkf6
vulnerability_id VCID-ey2r-cgfc-rkf6
summary Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-7186
reference_id
reference_type
scores
0
value 0.03118
scoring_system epss
scoring_elements 0.87079
published_at 2026-06-04T12:55:00Z
1
value 0.03118
scoring_system epss
scoring_elements 0.87101
published_at 2026-06-09T12:55:00Z
2
value 0.03118
scoring_system epss
scoring_elements 0.87099
published_at 2026-06-06T12:55:00Z
3
value 0.03118
scoring_system epss
scoring_elements 0.87094
published_at 2026-06-07T12:55:00Z
4
value 0.03118
scoring_system epss
scoring_elements 0.8709
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-7186
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7186
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7186
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890548
reference_id 890548
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890548
3
reference_url https://security.gentoo.org/glsa/202312-01
reference_id GLSA-202312-01
reference_type
scores
url https://security.gentoo.org/glsa/202312-01
4
reference_url https://usn.ubuntu.com/USN-4819-1/
reference_id USN-USN-4819-1
reference_type
scores
url https://usn.ubuntu.com/USN-4819-1/
fixed_packages
0
url pkg:deb/debian/leptonlib@1.76.0-1%2Bdeb10u1
purl pkg:deb/debian/leptonlib@1.76.0-1%2Bdeb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9ntb-5c2a-8uhy
1
vulnerability VCID-a2de-6vw3-suey
2
vulnerability VCID-f6m7-jffv-n7b2
3
vulnerability VCID-g5x5-uxdq-gfbt
4
vulnerability VCID-hh6e-vnn6-vug2
5
vulnerability VCID-m6qf-9k8h-y3fy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/leptonlib@1.76.0-1%252Bdeb10u1
aliases CVE-2018-7186
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ey2r-cgfc-rkf6
6
url VCID-f6m7-jffv-n7b2
vulnerability_id VCID-f6m7-jffv-n7b2
summary
Out-of-bounds Read
Leptonica allows a heap-based buffer over-read in `rasteropGeneralLow`, related to `adaptmap_reg.c` and `adaptmap.c`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-36279
reference_id
reference_type
scores
0
value 0.04251
scoring_system epss
scoring_elements 0.88994
published_at 2026-06-04T12:55:00Z
1
value 0.04251
scoring_system epss
scoring_elements 0.89011
published_at 2026-06-08T12:55:00Z
2
value 0.04251
scoring_system epss
scoring_elements 0.89012
published_at 2026-06-06T12:55:00Z
3
value 0.04251
scoring_system epss
scoring_elements 0.89028
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-36279
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36279
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36279
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985089
reference_id 985089
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985089
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36279
reference_id CVE-2020-36279
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-36279
4
reference_url https://security.gentoo.org/glsa/202107-53
reference_id GLSA-202107-53
reference_type
scores
url https://security.gentoo.org/glsa/202107-53
fixed_packages
0
url pkg:deb/debian/leptonlib@1.79.0-1.1%2Bdeb11u1
purl pkg:deb/debian/leptonlib@1.79.0-1.1%2Bdeb11u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/leptonlib@1.79.0-1.1%252Bdeb11u1
aliases CVE-2020-36279
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f6m7-jffv-n7b2
7
url VCID-g5x5-uxdq-gfbt
vulnerability_id VCID-g5x5-uxdq-gfbt
summary
Always-Incorrect Control Flow Implementation
Leptonica allows a denial of service (application crash) via an incorrect left shift in `pixConvert2To8` in `pixconv.c`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-36277
reference_id
reference_type
scores
0
value 0.04001
scoring_system epss
scoring_elements 0.88637
published_at 2026-06-04T12:55:00Z
1
value 0.04001
scoring_system epss
scoring_elements 0.88655
published_at 2026-06-05T12:55:00Z
2
value 0.04001
scoring_system epss
scoring_elements 0.88656
published_at 2026-06-06T12:55:00Z
3
value 0.04001
scoring_system epss
scoring_elements 0.88654
published_at 2026-06-08T12:55:00Z
4
value 0.04001
scoring_system epss
scoring_elements 0.88671
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-36277
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36277
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36277
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985089
reference_id 985089
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985089
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36277
reference_id CVE-2020-36277
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-36277
4
reference_url https://security.gentoo.org/glsa/202107-53
reference_id GLSA-202107-53
reference_type
scores
url https://security.gentoo.org/glsa/202107-53
fixed_packages
0
url pkg:deb/debian/leptonlib@1.79.0-1.1%2Bdeb11u1
purl pkg:deb/debian/leptonlib@1.79.0-1.1%2Bdeb11u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/leptonlib@1.79.0-1.1%252Bdeb11u1
aliases CVE-2020-36277
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g5x5-uxdq-gfbt
8
url VCID-hh6e-vnn6-vug2
vulnerability_id VCID-hh6e-vnn6-vug2
summary
Out-of-bounds Read
Leptonica allows a heap-based buffer over-read in `findNextBorderPixel` in `ccbord.c`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-36278
reference_id
reference_type
scores
0
value 0.00538
scoring_system epss
scoring_elements 0.67919
published_at 2026-06-04T12:55:00Z
1
value 0.00538
scoring_system epss
scoring_elements 0.67958
published_at 2026-06-09T12:55:00Z
2
value 0.00538
scoring_system epss
scoring_elements 0.67966
published_at 2026-06-06T12:55:00Z
3
value 0.00538
scoring_system epss
scoring_elements 0.67956
published_at 2026-06-07T12:55:00Z
4
value 0.00538
scoring_system epss
scoring_elements 0.67943
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-36278
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36278
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36278
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985089
reference_id 985089
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985089
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36278
reference_id CVE-2020-36278
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-36278
4
reference_url https://security.gentoo.org/glsa/202107-53
reference_id GLSA-202107-53
reference_type
scores
url https://security.gentoo.org/glsa/202107-53
fixed_packages
0
url pkg:deb/debian/leptonlib@1.79.0-1.1%2Bdeb11u1
purl pkg:deb/debian/leptonlib@1.79.0-1.1%2Bdeb11u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/leptonlib@1.79.0-1.1%252Bdeb11u1
aliases CVE-2020-36278
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hh6e-vnn6-vug2
9
url VCID-m6qf-9k8h-y3fy
vulnerability_id VCID-m6qf-9k8h-y3fy
summary
Out-of-bounds Read
Leptonica allows a heap-based buffer over-read in `pixFewColorsOctcubeQuantMixed` in `colorquant1.c`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-36281
reference_id
reference_type
scores
0
value 0.00506
scoring_system epss
scoring_elements 0.66592
published_at 2026-06-04T12:55:00Z
1
value 0.00506
scoring_system epss
scoring_elements 0.66632
published_at 2026-06-05T12:55:00Z
2
value 0.00506
scoring_system epss
scoring_elements 0.66639
published_at 2026-06-06T12:55:00Z
3
value 0.00506
scoring_system epss
scoring_elements 0.66625
published_at 2026-06-07T12:55:00Z
4
value 0.00506
scoring_system epss
scoring_elements 0.66609
published_at 2026-06-08T12:55:00Z
5
value 0.00506
scoring_system epss
scoring_elements 0.66627
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-36281
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36281
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36281
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985089
reference_id 985089
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985089
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36281
reference_id CVE-2020-36281
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-36281
4
reference_url https://security.gentoo.org/glsa/202107-53
reference_id GLSA-202107-53
reference_type
scores
url https://security.gentoo.org/glsa/202107-53
fixed_packages
0
url pkg:deb/debian/leptonlib@1.79.0-1.1%2Bdeb11u1
purl pkg:deb/debian/leptonlib@1.79.0-1.1%2Bdeb11u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/leptonlib@1.79.0-1.1%252Bdeb11u1
aliases CVE-2020-36281
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m6qf-9k8h-y3fy
10
url VCID-pzmc-5fp3-j3fz
vulnerability_id VCID-pzmc-5fp3-j3fz
summary An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica before 1.75.3. Unsanitized input (rootname) can overflow a buffer, leading potentially to arbitrary code execution or possibly unspecified other impact.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-7247
reference_id
reference_type
scores
0
value 0.00394
scoring_system epss
scoring_elements 0.60632
published_at 2026-06-04T12:55:00Z
1
value 0.00394
scoring_system epss
scoring_elements 0.6068
published_at 2026-06-05T12:55:00Z
2
value 0.00394
scoring_system epss
scoring_elements 0.60688
published_at 2026-06-06T12:55:00Z
3
value 0.00394
scoring_system epss
scoring_elements 0.60677
published_at 2026-06-07T12:55:00Z
4
value 0.00394
scoring_system epss
scoring_elements 0.6066
published_at 2026-06-08T12:55:00Z
5
value 0.00394
scoring_system epss
scoring_elements 0.60676
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-7247
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7247
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7247
2
reference_url https://security.gentoo.org/glsa/202312-01
reference_id GLSA-202312-01
reference_type
scores
url https://security.gentoo.org/glsa/202312-01
3
reference_url https://usn.ubuntu.com/USN-5143-1/
reference_id USN-USN-5143-1
reference_type
scores
url https://usn.ubuntu.com/USN-5143-1/
fixed_packages
0
url pkg:deb/debian/leptonlib@1.76.0-1%2Bdeb10u1
purl pkg:deb/debian/leptonlib@1.76.0-1%2Bdeb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9ntb-5c2a-8uhy
1
vulnerability VCID-a2de-6vw3-suey
2
vulnerability VCID-f6m7-jffv-n7b2
3
vulnerability VCID-g5x5-uxdq-gfbt
4
vulnerability VCID-hh6e-vnn6-vug2
5
vulnerability VCID-m6qf-9k8h-y3fy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/leptonlib@1.76.0-1%252Bdeb10u1
aliases CVE-2018-7247
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pzmc-5fp3-j3fz
11
url VCID-rcy9-yq1w-ubdx
vulnerability_id VCID-rcy9-yq1w-ubdx
summary Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junk_split_image.ps in prog/splitimage2pdf.c.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-7441
reference_id
reference_type
scores
0
value 0.00046
scoring_system epss
scoring_elements 0.14457
published_at 2026-06-04T12:55:00Z
1
value 0.00046
scoring_system epss
scoring_elements 0.14528
published_at 2026-06-05T12:55:00Z
2
value 0.00046
scoring_system epss
scoring_elements 0.14532
published_at 2026-06-06T12:55:00Z
3
value 0.00046
scoring_system epss
scoring_elements 0.14492
published_at 2026-06-07T12:55:00Z
4
value 0.00046
scoring_system epss
scoring_elements 0.14405
published_at 2026-06-08T12:55:00Z
5
value 0.00046
scoring_system epss
scoring_elements 0.14425
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-7441
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7441
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7441
2
reference_url https://security.gentoo.org/glsa/202312-01
reference_id GLSA-202312-01
reference_type
scores
url https://security.gentoo.org/glsa/202312-01
fixed_packages
0
url pkg:deb/debian/leptonlib@1.76.0-1%2Bdeb10u1
purl pkg:deb/debian/leptonlib@1.76.0-1%2Bdeb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9ntb-5c2a-8uhy
1
vulnerability VCID-a2de-6vw3-suey
2
vulnerability VCID-f6m7-jffv-n7b2
3
vulnerability VCID-g5x5-uxdq-gfbt
4
vulnerability VCID-hh6e-vnn6-vug2
5
vulnerability VCID-m6qf-9k8h-y3fy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/leptonlib@1.76.0-1%252Bdeb10u1
aliases CVE-2018-7441
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rcy9-yq1w-ubdx
12
url VCID-xy9u-crnd-pfas
vulnerability_id VCID-xy9u-crnd-pfas
summary Leptonica 1.74.4 constructs unintended pathnames (containing duplicated path components) when operating on files in /tmp subdirectories, which might allow local users to bypass intended file restrictions by leveraging access to a directory located deeper within the /tmp directory tree, as demonstrated by /tmp/ANY/PATH/ANY/PATH/input.tif.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-18196
reference_id
reference_type
scores
0
value 0.00043
scoring_system epss
scoring_elements 0.13498
published_at 2026-06-04T12:55:00Z
1
value 0.00043
scoring_system epss
scoring_elements 0.13579
published_at 2026-06-05T12:55:00Z
2
value 0.00043
scoring_system epss
scoring_elements 0.13585
published_at 2026-06-06T12:55:00Z
3
value 0.00043
scoring_system epss
scoring_elements 0.13543
published_at 2026-06-07T12:55:00Z
4
value 0.00043
scoring_system epss
scoring_elements 0.13457
published_at 2026-06-08T12:55:00Z
5
value 0.00043
scoring_system epss
scoring_elements 0.13488
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-18196
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18196
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18196
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885704
reference_id 885704
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885704
3
reference_url https://security.gentoo.org/glsa/202312-01
reference_id GLSA-202312-01
reference_type
scores
url https://security.gentoo.org/glsa/202312-01
4
reference_url https://usn.ubuntu.com/USN-4819-1/
reference_id USN-USN-4819-1
reference_type
scores
url https://usn.ubuntu.com/USN-4819-1/
fixed_packages
0
url pkg:deb/debian/leptonlib@1.76.0-1%2Bdeb10u1
purl pkg:deb/debian/leptonlib@1.76.0-1%2Bdeb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9ntb-5c2a-8uhy
1
vulnerability VCID-a2de-6vw3-suey
2
vulnerability VCID-f6m7-jffv-n7b2
3
vulnerability VCID-g5x5-uxdq-gfbt
4
vulnerability VCID-hh6e-vnn6-vug2
5
vulnerability VCID-m6qf-9k8h-y3fy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/leptonlib@1.76.0-1%252Bdeb10u1
aliases CVE-2017-18196
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xy9u-crnd-pfas
Fixing_vulnerabilities
Risk_score 2.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/leptonlib@1.37-1