Path Traversal Vulnerability in Leptonica 1.74.4
CVE-2017-18196 · LOW Severity
AV:L/AC:L/AU:N/C:P/I:N/A:N
Leptonica 1.74.4 constructs unintended pathnames (containing duplicated path components) when operating on files in /tmp subdirectories, which might allow local users to bypass intended file restrictions by leveraging access to a directory located deeper within the /tmp directory tree, as demonstrated by /tmp/ANY/PATH/ANY/PATH/input.tif.
Learn more about our User Device Pen Test.