Path Traversal Vulnerability in Leptonica 1.74.4

Path Traversal Vulnerability in Leptonica 1.74.4

CVE-2017-18196 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

Leptonica 1.74.4 constructs unintended pathnames (containing duplicated path components) when operating on files in /tmp subdirectories, which might allow local users to bypass intended file restrictions by leveraging access to a directory located deeper within the /tmp directory tree, as demonstrated by /tmp/ANY/PATH/ANY/PATH/input.tif.

Learn more about our User Device Pen Test.