Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 869416 (CVE-2022-38266) - <media-libs/leptonica-1.81.0: arithmetic exception
Summary: <media-libs/leptonica-1.81.0: arithmetic exception
Status: RESOLVED FIXED
Alias: CVE-2022-38266
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://github.com/tesseract-ocr/tess...
Whiteboard: B3 [glsa+]
Keywords:
Depends on: 873061
Blocks:
  Show dependency tree
 
Reported: 2022-09-10 02:22 UTC by John Helmert III
Modified: 2023-12-18 07:27 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-09-10 02:22:18 UTC 
CVE-2022-38266:

An issue in the Leptonica linked library (v1.79.0) in Tesseract v5.0.0 allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file.

This was reported to Tesseract, but the issue is in Leptonica, so I'm
not sure if this is a duplicate of another CVE or not.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-09-15 02:13:45 UTC 
The fix is: https://github.com/DanBloomberg/leptonica/commit/f062b42c0ea8dddebdc6a152fd16152de215d614

So please stabilize a fixed version.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-09-27 16:22:01 UTC 
Please cleanup
Comment 3 James Le Cuirot gentoo-dev 2022-09-29 22:33:10 UTC 
Cleaned up.
Comment 4 Larry the Git Cow gentoo-dev 2023-12-18 07:26:08 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=ae470dfa87b9f8990a63603140849dc70c320603

commit ae470dfa87b9f8990a63603140849dc70c320603
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-12-18 07:24:40 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-12-18 07:26:01 +0000

    [ GLSA 202312-01 ] Leptonica: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/649752
    Bug: https://bugs.gentoo.org/869416
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202312-01.xml | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)