CVE-2022-38266: An issue in the Leptonica linked library (v1.79.0) in Tesseract v5.0.0 allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file. This was reported to Tesseract, but the issue is in Leptonica, so I'm not sure if this is a duplicate of another CVE or not.
The fix is: https://github.com/DanBloomberg/leptonica/commit/f062b42c0ea8dddebdc6a152fd16152de215d614
So please stabilize a fixed version.
Please clean up.
Cleaned up.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=ae470dfa87b9f8990a63603140849dc70c320603

commit ae470dfa87b9f8990a63603140849dc70c320603
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-12-18 07:24:40 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-12-18 07:26:01 +0000

    [ GLSA 202312-01 ] Leptonica: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/649752
    Bug: https://bugs.gentoo.org/869416
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202312-01.xml | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)