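Leptonica before 1.75.3 does not limit the number of characters read by a %s conversion in fscanf or sscanf format strings, so a long input string can be written past the end of the destination buffer on the stack. This allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact, as demonstrated by the gplotRead and ptaReadStream functions. Giving each %s conversion a maximum field width one less than the size of its destination buffer prevents this class of overflow.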
[
{
"source": "https://github.com/danbloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a",
"target": {
"function": "selReadStream",
"file": "src/sel1.c"
},
"digest": {
"length": 1372.0,
"function_hash": "72901858897126593855299117018148104585"
},
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2018-7186-06427cab"
},
{
"source": "https://github.com/danbloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a",
"target": {
"function": "gplotGenCommandFile",
"file": "src/gplot.c"
},
"digest": {
"length": 2736.0,
"function_hash": "26348781678140270596513729884518874524"
},
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2018-7186-28b37a95"
},
{
"source": "https://github.com/danbloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a",
"target": {
"file": "src/gplot.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"74913978311487113000575904107245913473",
"306804994943353047874192240061927112601",
"216483300542164452594900166647321620828",
"74536126001753495905446785485005714262",
"270100096091805081470694940102940495365",
"25556603808171008802013767563867738205",
"27220900946661228824410434674893653574",
"250497715968599506615388865559019871570",
"272896481653580461943229955984426228043",
"245675504641690042647843100147262493218",
"259733378803895707145106127837767401867",
"16732604453418718961104237667095720871",
"244299658451368132285964706686643969970",
"224714216140741438110709878064278294887",
"222060178426114256500175468024063164800",
"183685313428657616655867644113822153390",
"219240564785688892434832706101729589412",
"209985785354870954322808309592144616018",
"204302728634288446777970226048822370720",
"126690961160438807244162908435826033511",
"315228858358765661331819772148766246892",
"323671829691161130468715433091458056064",
"45216531882991558419800364862249464639",
"264096501410897609817762041640639440022",
"185240155775476407227895999870231698936",
"256154387788463005757755835523221774145",
"219058776554447425810576846561529039995",
"99515575522759559353948647163574822020",
"41404565350473929020194794902284666107",
"28788961965628202073225542524243718129",
"267641443465966412688627830241797204893",
"280387912042524931364741203413095001880",
"288251635802140606918604688544128567384",
"157645382814582335230106737806354575872",
"157301035571823978728322001145154028055",
"2529178657026482306978461634500492007",
"311584734522299559767718388792860348014",
"219942845700477093233894557088885144766",
"172993507856043959008480050250386236086",
"130631628430270621154743285364359185182",
"329252347663815234486739289488361657986",
"85867735092888234147846403293496143637",
"297843373625882531914041850172005461756",
"276195872224700896786438240743550023244",
"93515840016808114856886419565865836435",
"16822774018492522946729057035944395016",
"288372089017841175552138272805123037429",
"69087339617773613899147434509317211027",
"306279416424228509642328841136925343582",
"222936027553082762291408606146718371798",
"198888594425815213247022958412442265348",
"84035283048841453101864438220296863537",
"96800355975093518280299604120841145907",
"82806611561013652322646521361597596877",
"224692919299841819015337909245204955194",
"70413799229649170319532572873189065995",
"260405319467680067676185911720242085389",
"129305816353484653981798273854299444391",
"55679285604349838858721819853272463986",
"50036060469476899230671095502953202216",
"4937026048488121383112856751684905169",
"135986203581378703461194017448160934615",
"65977102479421448992902818700442808335",
"132418346145683317285369582433191989355",
"111424465242327908632495845063165854790",
"6954530648062341781471891597723843590",
"49968967976395241276983365292041231419",
"117994523505574235523681831278091300380",
"238634907726591242230919677601863463714",
"52188982885746879735364709696038442300",
"128658654938155259317446172232153675153",
"95493355146464723117791690836743897961",
"107144312943698401312374003533980768210",
"14094494000219310957981312739011532826",
"334464688228044293600710560236410287565",
"266069056297921402640077072270922584479",
"196547165232967242546059826363050955542",
"59804809519970259807399113818642379475",
"218436602357460431093127889818028183784",
"253361322269653742948862495928972662526",
"128565341981026609198592744091813170902",
"313631185371340969566503871625192838304",
"80136032521588122499835362080347731152",
"246781186008130101072915851437579582950",
"66554035025674955212568843751207535652",
"102098774565906908016930828430883533318",
"22614318601477443429149067622362967848",
"310040644972519673593610355443007735115",
"239480881502118884445862662535305676257",
"208879174782640855076599312925572782600",
"274377861435722691507215800885990539002",
"94180033777064015469559275089051781098",
"202059998021779850380897560449182022720",
"325904401943567729170848972182072822328",
"129577590844485436430045191420278483164",
"284742107877109785408507437423757448997",
"291545544410888452609444523812942880305",
"277841199017536149316421876601367161608",
"157739102784748664251560174448568071397",
"34362506055367818787979273703046194627",
"23994567983796456550941070944686520254",
"136508645166907883208427683860411114114",
"34878894661837006535769210987501220686",
"130749248974369038875919535654293664189",
"40107590451028610151119385367313445958",
"209378971804723309686308776707914386124",
"5154847547897608981840610825966214961",
"55875019632297779790703550106811703980",
"14970541099146572229393188829062177672",
"142598281875164133746575704441675340072",
"156439272569459628014180124664176786536",
"93963942366043457647946558446383431479",
"22554858910279141691907162371998544546",
"145085530973901578086278845266424664057",
"99739212971887343795570615242591792156",
"180065801648819871233314198692069824370",
"49823650342127276951185725051319875122",
"108521213378574841742595623506861073172",
"108532293514220816323029191531191606786",
"123000760170022259521866169847977330702",
"281310842568581678706250421413205718504",
"187373377670881229638615159411346933734"
]
},
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"id": "CVE-2018-7186-547758bb"
},
{
"source": "https://github.com/danbloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a",
"target": {
"function": "gplotRead",
"file": "src/gplot.c"
},
"digest": {
"length": 2349.0,
"function_hash": "228767576558608563469183557305534530044"
},
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2018-7186-624ed5ef"
},
{
"source": "https://github.com/danbloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a",
"target": {
"file": "prog/xtractprotos.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"265594454580207749388433714784990484135",
"102017037627524764282483349379058747397",
"136123454463206677607905926908964102494",
"80579629779845317409893598205071727697",
"122011560694364236238063993059570750473",
"71321032841568734867900030773328456854",
"22261698326721818544186533103348474257",
"230084711267003022893113185874795772941",
"281971025924849135568696012577513516113",
"338909955368369055067993101613142919650",
"238991914213210274195349977627727202069",
"87727035574142761306085126399083702202",
"22552843143414088962363537571150461363",
"10147325784296281282966284289031652428",
"88183334076620888841142624432890613973",
"174151576268924939349985979745663400732",
"138346835912296379394874029599149852501",
"240060387254089611561924455726514734871",
"133204068708238281713118099982346766001",
"107135150930567850315539781069628177324",
"81582383160090140585512126251471484966",
"7933643474065128544678548814118295153",
"87542218097449030188669144064226847830",
"244788416377971173296930586102304554162",
"280593025971437338305948095412133252209",
"234227779439539449800681952627888081828",
"250666720179713957619299997934195271413",
"224640863273235225538261841229603778405"
]
},
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"id": "CVE-2018-7186-67215d67"
},
{
"source": "https://github.com/danbloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a",
"target": {
"function": "gplotCreate",
"file": "src/gplot.c"
},
"digest": {
"length": 1596.0,
"function_hash": "39759221095779243032995483396788941120"
},
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2018-7186-6f218437"
},
{
"source": "https://github.com/danbloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a",
"target": {
"function": "gplotMakeOutput",
"file": "src/gplot.c"
},
"digest": {
"length": 561.0,
"function_hash": "89329184580638123227786052434713226028"
},
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2018-7186-73b114d5"
},
{
"source": "https://github.com/danbloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a",
"target": {
"file": "src/sel1.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"81486421331109356769443863138281776626",
"269135377094120074177144591769304976507",
"69213063323592934536519933742447938371",
"112896862628100816104147091916165376881",
"292870605307286820986800209204098595106",
"174972918239287142856048832005548718134",
"71745875343569243016995346345893950755",
"276796510240503393571836498048212036859",
"121147329093038618173122425631908878589",
"34199343901054226518445638500365363450",
"249056794543180572726454988257149530535",
"131971948241170670814426157692305240591",
"225030883117705391167871818656400421367",
"21257163128425804626305310646399465517",
"82413160902893569321721785844924152901",
"99754649326989147656729578221177183291",
"177110319904467089603724793416346088609",
"69298628611728983858223432222962134541",
"86728740538073776997625937833210574758",
"70416366898652949764853869141871912635",
"287857277500103367736205962537982950724",
"191733458820713280930561879884697995145",
"173927718968205244129261021294503684400",
"185089246362578555471762572277855752883",
"204263804255615576722959720786803869774",
"329778409569599414041540925354654260386",
"173926471871326600225007071116306642655",
"83064820638261011688134107666859807181",
"185697876469099847811259776238385932389",
"210512805378095919505671184581233711867",
"18779810341152252716116828859743930287",
"127681941429854369594716642234139805683"
]
},
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"id": "CVE-2018-7186-7861821c"
},
{
"source": "https://github.com/danbloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a",
"target": {
"function": "selaGetCombName",
"file": "src/sel1.c"
},
"digest": {
"length": 929.0,
"function_hash": "144899473942999376600979275877573187478"
},
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2018-7186-7bf40b8c"
},
{
"source": "https://github.com/danbloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a",
"target": {
"file": "src/ptabasic.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"127932947341318238134487749027762621651",
"22188915029771426100631568254696222952",
"26057017426134700816552384853525552766",
"171900439920977457937997587163542902243",
"206183842423117450405405830173924617653",
"328472349080507654916228673275706001509",
"305204332718852913511156779632445051105",
"188721363758398209909867872293615825493"
]
},
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"id": "CVE-2018-7186-8da7ee8c"
},
{
"source": "https://github.com/danbloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a",
"target": {
"function": "ptaReadStream",
"file": "src/ptabasic.c"
},
"digest": {
"length": 1286.0,
"function_hash": "332966477342756968958379675085858856412"
},
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2018-7186-8e711f6c"
},
{
"source": "https://github.com/danbloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a",
"target": {
"function": "main",
"file": "prog/xtractprotos.c"
},
"digest": {
"length": 3822.0,
"function_hash": "48077564995220450002928084320370870099"
},
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2018-7186-a58eeace"
},
{
"source": "https://github.com/danbloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a",
"target": {
"function": "gplotAddPlot",
"file": "src/gplot.c"
},
"digest": {
"length": 1621.0,
"function_hash": "180532145496727040081836365742811745793"
},
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2018-7186-ace5b581"
},
{
"source": "https://github.com/danbloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a",
"target": {
"function": "selaComputeCompositeParameters",
"file": "src/sel1.c"
},
"digest": {
"length": 1008.0,
"function_hash": "48562018067124088157409492466368639317"
},
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2018-7186-b95ead0a"
}
]