An issue in the Leptonica linked library (v1.79.0) allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file.
Weakness
The product divides a value by zero.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Tesseract | Tesseract_project | 5.0.0-alpha-20210401 (including) | 5.0.0-alpha-20210401 (including) |
| Leptonlib | Ubuntu | bionic | * |
| Leptonlib | Ubuntu | esm-apps/bionic | * |
| Leptonlib | Ubuntu | esm-apps/xenial | * |
| Leptonlib | Ubuntu | esm-infra-legacy/trusty | * |
| Leptonlib | Ubuntu | focal | * |
| Leptonlib | Ubuntu | kinetic | * |
| Leptonlib | Ubuntu | lunar | * |
| Leptonlib | Ubuntu | mantic | * |
| Leptonlib | Ubuntu | oracular | * |
| Leptonlib | Ubuntu | plucky | * |
| Leptonlib | Ubuntu | trusty | * |
| Leptonlib | Ubuntu | trusty/esm | * |
| Leptonlib | Ubuntu | upstream | * |
| Leptonlib | Ubuntu | xenial | * |
| Tesseract | Ubuntu | bionic | * |
| Tesseract | Ubuntu | esm-apps/bionic | * |
| Tesseract | Ubuntu | esm-apps/xenial | * |
| Tesseract | Ubuntu | esm-infra-legacy/trusty | * |
| Tesseract | Ubuntu | focal | * |
| Tesseract | Ubuntu | kinetic | * |
| Tesseract | Ubuntu | lunar | * |
| Tesseract | Ubuntu | mantic | * |
| Tesseract | Ubuntu | oracular | * |
| Tesseract | Ubuntu | plucky | * |
| Tesseract | Ubuntu | trusty | * |
| Tesseract | Ubuntu | trusty/esm | * |
| Tesseract | Ubuntu | xenial | * |
References
- https://github.com/DanBloomberg/leptonica/commit/f062b42c0ea8dddebdc6a152fd16152de215d614
- https://github.com/tesseract-ocr/tesseract/issues/3498
- https://lists.debian.org/debian-lts-announce/2022/12/msg00018.html
- https://security.gentoo.org/glsa/202312-01
- https://github.com/DanBloomberg/leptonica/commit/f062b42c0ea8dddebdc6a152fd16152de215d614
- https://github.com/tesseract-ocr/tesseract/issues/3498
- https://lists.debian.org/debian-lts-announce/2022/12/msg00018.html
- https://security.gentoo.org/glsa/202312-01