Source: leptonlib
Version: 1.75.3-2
Severity: grave
Tags: security patch


the following vulnerability was published for leptonlib.

| An issue was discovered in Leptonica through 1.75.3. The
| gplotMakeOutput function allows command injection via a $(command)
| approach in the gplot rootname argument. This issue exists because of
| an incomplete fix for CVE-2018-3836.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:


An upstream patch is available at:

Please adjust the affected versions in the BTS as needed.

Attachment: signature.asc
Description: PGP signature

Reply via email to