
Find real vulnerabilities before they ship
Leptonica 1.74.4 constructs unintended pathnames (containing duplicated path components) when operating on files in /tmp subdirectories, which might allow local users to bypass intended file restrictions by leveraging access to a directory located deeper within the /tmp directory tree, as demonstrated by /tmp/ANY/PATH/ANY/PATH/input.tif.
Base Score
3.3| Base Score | 3.3 |
|---|---|
| Vector String | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| Base Severity | Low |
| Version | 3.0 |
| Attack Vector (AV) | LOCAL |