CVE-2020-36278
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-36278
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-36278.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-36278
- Downstream
- Related
- Published
- 2021-03-12T00:15:12.647Z
- Modified
- 2025-11-14T11:00:07.304334Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c.
- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQUEA2X6UTH4DMYCMZAWE2QQLN5YANUA/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RD5AIWHWE334HGYZJR2U3I3JYKSSO2LW/
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23433
- https://github.com/DanBloomberg/leptonica/commit/8d6e1755518cfb98536d6c3daf0601f226d16842
- https://github.com/DanBloomberg/leptonica/compare/1.79.0...1.80.0
- https://lists.debian.org/debian-lts-announce/2021/03/msg00037.html
- https://security.gentoo.org/glsa/202107-53
Affected packages
Git / github.com/danbloomberg/leptonica
Affected ranges
- Type
- GIT
- Repo
- https://github.com/danbloomberg/leptonica
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.74.0
1.74.1
1.74.2
1.74.3
1.74.4
1.75.0
1.75.1
1.75.2
1.75.3
1.76.0
1.77.0
1.78.0
1.79.0
v1.*
v1.42
v1.44
v1.46
v1.48
v1.50
v1.52
v1.54
v1.56
v1.58
v1.60
v1.61
v1.62
v1.63
v1.64
v1.65
v1.66
v1.67
v1.68
v1.69
v1.70
v1.71
v1.72
v1.73
v1.74.3
Database specific
vanir_signatures
[
{
"digest": {
"length": 518.0,
"function_hash": "127539715730754054398143450005495522806"
},
"target": {
"file": "src/ccbord.c",
"function": "findNextBorderPixel"
},
"signature_type": "Function",
"id": "CVE-2020-36278-69a98e2d",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/danbloomberg/leptonica/commit/8d6e1755518cfb98536d6c3daf0601f226d16842"
},
{
"digest": {
"line_hashes": [
"84058546430904092903565697564913235937",
"267459965478394905332371027664390918915",
"153553398293841150508864306755947262626",
"15448888410989113498545674424520384233"
],
"threshold": 0.9
},
"target": {
"file": "src/ccbord.c"
},
"signature_type": "Line",
"id": "CVE-2020-36278-7ab58c8a",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/danbloomberg/leptonica/commit/8d6e1755518cfb98536d6c3daf0601f226d16842"
}
]