CVE-2021-36081:

Tesseract OCR 5.0.0-alpha-20201231 has a one_ell_conflict use-after-free during a strpbrk call.

Fixed commit according to oss-fuzz:
https://github.com/tesseract-ocr/tesseract/commit/e6f15621c2ab2ecbfabf656942d8ef66f03b2d55

The referenced strpbrk call doesn't appear to be in the deleted files in this commit, so this may not be actually fixed.
Package list is empty or all packages have requested keywords.
I have trouble finding where this use-after-free is, I do not *think* this was present in stable releases (4.x) and it is considered ok in current 5.0 beta if I read correctly?
(In reply to Bernard Cafarelli from comment #8)
> I have trouble finding where this use-after-free is, I do not *think* this
> was present in stable releases (4.x) and it is considered ok in current 5.0
> beta if I read correctly?

No, versions in CVE descriptions are almost always useless unless they explicitly state a fixed version.