CVE-2020-36277

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-36277
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-36277.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-36277
Downstream
Related
Published
2021-03-11T21:15:11.827Z
Modified
2025-11-14T11:00:06.452875Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Leptonica before 1.80.0 allows a denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c.

References

Affected packages

Git / github.com/danbloomberg/leptonica

Affected ranges

Type
GIT
Repo
https://github.com/danbloomberg/leptonica
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
1ac72c93fef1a5eb76b76d6723d2aee843dd6e51

Affected versions

1.*

1.74.0
1.74.1
1.74.2
1.74.3
1.74.4
1.75.0
1.75.1
1.75.2
1.75.3
1.76.0
1.77.0
1.78.0
1.79.0

v1.*

v1.42
v1.44
v1.46
v1.48
v1.50
v1.52
v1.54
v1.56
v1.58
v1.60
v1.61
v1.62
v1.63
v1.64
v1.65
v1.66
v1.67
v1.68
v1.69
v1.70
v1.71
v1.72
v1.73
v1.74.3

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2020-36277-4e166067",
        "source": "https://github.com/danbloomberg/leptonica/commit/1ac72c93fef1a5eb76b76d6723d2aee843dd6e51",
        "digest": {
            "length": 2151.0,
            "function_hash": "222858898297859194060794536487657604718"
        },
        "signature_version": "v1",
        "target": {
            "file": "src/writefile.c",
            "function": "pixSaveTiledOutline"
        }
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "id": "CVE-2020-36277-7878a3e9",
        "source": "https://github.com/danbloomberg/leptonica/commit/1ac72c93fef1a5eb76b76d6723d2aee843dd6e51",
        "digest": {
            "line_hashes": [
                "71062267759714909252348090593844234556",
                "97358072719284165189392170893531517432",
                "301317317759245953588625345858371826055",
                "62265654327906441521104646257649575358",
                "207269623746465126863493617250051974480",
                "213054983104096328696332740677714843767",
                "105275085273569201920370165390215021858",
                "38340088920289451107124175393972403026",
                "9113138227959097645465941439285179527",
                "4111592723007155595036886538810308299",
                "97781248088056011640698607904627689088",
                "74484671226634991667470442120316811390",
                "253761626782854307962002115609073890392",
                "187183657221129180758220836697949816218",
                "46574432943433739278106365792165657011",
                "273396866256614586075518406992790598460",
                "295513790153078462153231921185831748119",
                "131382178552060552096441612459281251532",
                "140667745216844280532923469586221220692",
                "38340088920289451107124175393972403026",
                "66741564332115295234395807389488372647",
                "132506284100450515925055260109635384650",
                "15626914318538742461429884095452584110",
                "56287396207953316054146703578191466799",
                "20380751437460212616876253637222379980",
                "163629621338973307058873800478052052441",
                "25352595195574359417880041363482909448",
                "335761481003546974218991746147851565011",
                "5046790947822584954323697921934692994",
                "56320650226837401789641792496571934451",
                "16722415284511504649079254037155623744",
                "232342567227214257526208001638129199617",
                "173576210356171918807525706994591810305",
                "243807738468509408460219795729349922854",
                "330625691046730176786300782804018665942",
                "219726525622754075676237923630304329781",
                "119139650521512739463158732355403348911",
                "215667919607160153155372984336961395051",
                "239718795552571427566168858035350150579",
                "7987558984567479218345146112537694020",
                "33363232447793643447097582605938314341",
                "174227686358294765452642687979267206268",
                "282944405888060245442936280869587819214",
                "136463978856502020036954520801951250098",
                "89663810803968201105248913064998323902",
                "319465531880607740424327917508776989344",
                "70961496539031330404551052579537358957",
                "50097023676545188792930153098625021049",
                "298713818117629011068302864615537320891",
                "17795467882971491010851540652232597940",
                "183956941203145169005707606613799824267",
                "160828791284281937599906299467130261719",
                "97409445592432297045811281402826357005",
                "139023614379140955860740449971104784948",
                "229418005089612460385550913838939054263",
                "238691219870813330421915352582384393272",
                "206969213718509837465307982922312089301",
                "267669098743028078120867503978775563817",
                "324047436537294132143743488492109099135",
                "50331507218899387210469534448264002000",
                "182945048991490055313854425553974805451",
                "175777624442155945688438649878319851773",
                "336965900696302405653949472064898173356",
                "116000985755283332901577877467218297391",
                "150334520487414278834615100141773513244",
                "256358039365454398039257690180032473336",
                "90522913534650190870516759134685755856",
                "312130806542216751680390873492744815729",
                "71056638504990768084742787629662510964",
                "222039460875439193892739393438584805773",
                "82396013945408456795230577595056333782",
                "277615823188644338749478633541077077349",
                "73177740877961034671619940822526841244",
                "182242737047980361896234253574204172597",
                "270139666686017519128190972053982655060",
                "280789038969911879819847274146700972684",
                "127195894988458890005025375113590300632",
                "224095711446903451089170268915435052378",
                "249467641058294469451236898783224158761",
                "34505517851144569534424389505926690917",
                "181926339711443014290103475098225105304",
                "134405640351810209701330033311676618685",
                "85691735517347449311008818097392259383",
                "129426273177754144750890090176668411102",
                "204155612371349391517772476970283121692",
                "237368390349372639166674219677674833981",
                "18706634596854076763500127312040726691",
                "265795668003857683217546574915109709168",
                "192098695764790791807016310998743101529",
                "50132205851043265482458091199236203873",
                "329583298823061904764188849531103677626",
                "321768222183286676830382411624171676657",
                "102587916843189441473129335381922525478",
                "161137528822882918063826466619031224998",
                "15238058894799479718442650553975412386",
                "171462317166403845265300963792830703964",
                "331744892110334778297066182039374888344",
                "326285890700357715306481830607670732752",
                "123324534500294565774678219652286460623",
                "288576427916736276951897063339480921283",
                "137685248884094962831272445269326966955",
                "259573223464972589894728003087633652679",
                "12229016245657393565821281256763419903",
                "271434579962706848000734217504209289591",
                "194954709234320770596650361766011857023",
                "42106648833517479078550596521203736027",
                "278586902318726974416478788247158816089",
                "39718064908596686921327949565597363579",
                "321689676064398334586639265977019126404",
                "172295762223456177805498932996843025950",
                "171190226785773530665987430747253559223",
                "70962918761805776992827304123417051261",
                "243807738468509408460219795729349922854",
                "128407842167289103363920487986283396306",
                "30486387600434308231673102328328714167",
                "279622566686338882656352513450053253867",
                "256642794338437058535985324878029231406",
                "161806651388242330758048499580591431458",
                "305608186397194774266111296049997309825",
                "339420659682533687962558130366211378928",
                "71855633175038232396432775477005678562",
                "249073138151195662472632059730126570547",
                "132433570656101341823026047880048114214",
                "6709710598048881714838137134275612892",
                "308208083129171002052653631867087291248",
                "296555942277343054565880265221298139606",
                "131559545650161212223324363838998418440",
                "64039125194452021872262519924401514682",
                "118961055585304283145913797879143947388",
                "247884008694609657141628299238743568397",
                "171293053015680685936888175565534341639"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "target": {
            "file": "src/writefile.c"
        }
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2020-36277-9bac3a71",
        "source": "https://github.com/danbloomberg/leptonica/commit/1ac72c93fef1a5eb76b76d6723d2aee843dd6e51",
        "digest": {
            "length": 1206.0,
            "function_hash": "12514325910757870363945626727973878167"
        },
        "signature_version": "v1",
        "target": {
            "file": "src/writefile.c",
            "function": "pixSaveTiledWithText"
        }
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2020-36277-f79bcddc",
        "source": "https://github.com/danbloomberg/leptonica/commit/1ac72c93fef1a5eb76b76d6723d2aee843dd6e51",
        "digest": {
            "length": 544.0,
            "function_hash": "180438311509628637530656543879059859147"
        },
        "signature_version": "v1",
        "target": {
            "file": "src/writefile.c",
            "function": "pixSaveTiled"
        }
    }
]