Debian LTS Advisory ([SECURITY] [DLA 1302-1] leptonlib security update)

Different flaws have been found in leptonlib, an image processing library. CVE-2018-7186 Leptonica did not limit the number of characters in a %s format argument to fscanf or sscanf, that made it possible to remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string. CVE-2018-7440 The gplotMakeOutput function allowed command injection via a $(command) approach in the gplot rootname argument. This issue existed because of an incomplete fix for CVE-2018-3836.

leptonlib on Debian Linux

This check tests the installed software version using the apt package manager.

For Debian 7 'Wheezy', these problems have been fixed in version 1.69-3.1+deb7u2. We recommend that you upgrade your leptonlib packages.