CVE-2022-38266
- Source
- https://cve.org/CVERecord?id=CVE-2022-38266
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-38266.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-38266
- Downstream
- Related
- Published
- 2022-09-09T22:15:08.830Z
- Modified
- 2026-03-17T14:27:25.353370Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue in the Leptonica linked library (v1.79.0) allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file.
- References
Affected packages
Git / github.com/danbloomberg/leptonica
Affected ranges
Affected versions
1.*
1.03
1.04
1.04b
1.74.0
1.74.1
1.74.2
1.74.3
1.74.4
1.75.0
1.75.1
1.75.2
1.75.3
1.76.0
1.77.0
1.78.0
1.79.0
2.*
2.00
2.01
2.02
2.03
2.04
3.*
3.00
3.01
3.02.02
3.03-rc1
3.04-rc1
3.04.00
3.05.00dev
4.*
4.0.0
4.0.0-alpha
4.0.0-beta.1
4.0.0-beta.2
4.0.0-beta.3
4.0.0-beta.4
4.0.0-rc1
4.0.0-rc2
4.0.0-rc3
4.0.0-rc4
4.00.00alpha
4.00.00dev
4.1.0-rc1
5.*
5.0.0-alpha
5.0.0-alpha-20201224
5.0.0-alpha-20201231
5.0.0-alpha-20210401
v1.*
v1.42
v1.44
v1.46
v1.48
v1.50
v1.52
v1.54
v1.56
v1.58
v1.60
v1.61
v1.62
v1.63
v1.64
v1.65
v1.66
v1.67
v1.68
v1.69
v1.70
v1.71
v1.72
v1.73
v1.74.3
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.0"
}
]
}
]
vanir_signatures
[
{
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "src/convolve.c",
"function": "pixBlockconvGrayUnnormalized"
},
"source": "https://github.com/danbloomberg/leptonica/commit/f062b42c0ea8dddebdc6a152fd16152de215d614",
"digest": {
"length": 1686.0,
"function_hash": "59129913913116863254399662588375971480"
},
"id": "CVE-2022-38266-4c463b66",
"deprecated": false
},
{
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "src/writefile.c",
"function": "pixSaveTiledOutline"
},
"source": "https://github.com/danbloomberg/leptonica/commit/1ac72c93fef1a5eb76b76d6723d2aee843dd6e51",
"digest": {
"length": 2151.0,
"function_hash": "222858898297859194060794536487657604718"
},
"id": "CVE-2022-38266-4e166067",
"deprecated": false
},
{
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "src/writefile.c"
},
"source": "https://github.com/danbloomberg/leptonica/commit/1ac72c93fef1a5eb76b76d6723d2aee843dd6e51",
"digest": {
"line_hashes": [
"71062267759714909252348090593844234556",
"97358072719284165189392170893531517432",
"301317317759245953588625345858371826055",
"62265654327906441521104646257649575358",
"207269623746465126863493617250051974480",
"213054983104096328696332740677714843767",
"105275085273569201920370165390215021858",
"38340088920289451107124175393972403026",
"9113138227959097645465941439285179527",
"4111592723007155595036886538810308299",
"97781248088056011640698607904627689088",
"74484671226634991667470442120316811390",
"253761626782854307962002115609073890392",
"187183657221129180758220836697949816218",
"46574432943433739278106365792165657011",
"273396866256614586075518406992790598460",
"295513790153078462153231921185831748119",
"131382178552060552096441612459281251532",
"140667745216844280532923469586221220692",
"38340088920289451107124175393972403026",
"66741564332115295234395807389488372647",
"132506284100450515925055260109635384650",
"15626914318538742461429884095452584110",
"56287396207953316054146703578191466799",
"20380751437460212616876253637222379980",
"163629621338973307058873800478052052441",
"25352595195574359417880041363482909448",
"335761481003546974218991746147851565011",
"5046790947822584954323697921934692994",
"56320650226837401789641792496571934451",
"16722415284511504649079254037155623744",
"232342567227214257526208001638129199617",
"173576210356171918807525706994591810305",
"243807738468509408460219795729349922854",
"330625691046730176786300782804018665942",
"219726525622754075676237923630304329781",
"119139650521512739463158732355403348911",
"215667919607160153155372984336961395051",
"239718795552571427566168858035350150579",
"7987558984567479218345146112537694020",
"33363232447793643447097582605938314341",
"174227686358294765452642687979267206268",
"282944405888060245442936280869587819214",
"136463978856502020036954520801951250098",
"89663810803968201105248913064998323902",
"319465531880607740424327917508776989344",
"70961496539031330404551052579537358957",
"50097023676545188792930153098625021049",
"298713818117629011068302864615537320891",
"17795467882971491010851540652232597940",
"183956941203145169005707606613799824267",
"160828791284281937599906299467130261719",
"97409445592432297045811281402826357005",
"139023614379140955860740449971104784948",
"229418005089612460385550913838939054263",
"238691219870813330421915352582384393272",
"206969213718509837465307982922312089301",
"267669098743028078120867503978775563817",
"324047436537294132143743488492109099135",
"50331507218899387210469534448264002000",
"182945048991490055313854425553974805451",
"175777624442155945688438649878319851773",
"336965900696302405653949472064898173356",
"116000985755283332901577877467218297391",
"150334520487414278834615100141773513244",
"256358039365454398039257690180032473336",
"90522913534650190870516759134685755856",
"312130806542216751680390873492744815729",
"71056638504990768084742787629662510964",
"222039460875439193892739393438584805773",
"82396013945408456795230577595056333782",
"277615823188644338749478633541077077349",
"73177740877961034671619940822526841244",
"182242737047980361896234253574204172597",
"270139666686017519128190972053982655060",
"280789038969911879819847274146700972684",
"127195894988458890005025375113590300632",
"224095711446903451089170268915435052378",
"249467641058294469451236898783224158761",
"34505517851144569534424389505926690917",
"181926339711443014290103475098225105304",
"134405640351810209701330033311676618685",
"85691735517347449311008818097392259383",
"129426273177754144750890090176668411102",
"204155612371349391517772476970283121692",
"237368390349372639166674219677674833981",
"18706634596854076763500127312040726691",
"265795668003857683217546574915109709168",
"192098695764790791807016310998743101529",
"50132205851043265482458091199236203873",
"329583298823061904764188849531103677626",
"321768222183286676830382411624171676657",
"102587916843189441473129335381922525478",
"161137528822882918063826466619031224998",
"15238058894799479718442650553975412386",
"171462317166403845265300963792830703964",
"331744892110334778297066182039374888344",
"326285890700357715306481830607670732752",
"123324534500294565774678219652286460623",
"288576427916736276951897063339480921283",
"137685248884094962831272445269326966955",
"259573223464972589894728003087633652679",
"12229016245657393565821281256763419903",
"271434579962706848000734217504209289591",
"194954709234320770596650361766011857023",
"42106648833517479078550596521203736027",
"278586902318726974416478788247158816089",
"39718064908596686921327949565597363579",
"321689676064398334586639265977019126404",
"172295762223456177805498932996843025950",
"171190226785773530665987430747253559223",
"70962918761805776992827304123417051261",
"243807738468509408460219795729349922854",
"128407842167289103363920487986283396306",
"30486387600434308231673102328328714167",
"279622566686338882656352513450053253867",
"256642794338437058535985324878029231406",
"161806651388242330758048499580591431458",
"305608186397194774266111296049997309825",
"339420659682533687962558130366211378928",
"71855633175038232396432775477005678562",
"249073138151195662472632059730126570547",
"132433570656101341823026047880048114214",
"6709710598048881714838137134275612892",
"308208083129171002052653631867087291248",
"296555942277343054565880265221298139606",
"131559545650161212223324363838998418440",
"64039125194452021872262519924401514682",
"118961055585304283145913797879143947388",
"247884008694609657141628299238743568397",
"171293053015680685936888175565534341639"
],
"threshold": 0.9
},
"id": "CVE-2022-38266-7878a3e9",
"deprecated": false
},
{
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "src/convolve.c",
"function": "pixBlockconv"
},
"source": "https://github.com/danbloomberg/leptonica/commit/f062b42c0ea8dddebdc6a152fd16152de215d614",
"digest": {
"length": 1618.0,
"function_hash": "194222966182329504728387874506443469864"
},
"id": "CVE-2022-38266-91c838bd",
"deprecated": false
},
{
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "src/writefile.c",
"function": "pixSaveTiledWithText"
},
"source": "https://github.com/danbloomberg/leptonica/commit/1ac72c93fef1a5eb76b76d6723d2aee843dd6e51",
"digest": {
"length": 1206.0,
"function_hash": "12514325910757870363945626727973878167"
},
"id": "CVE-2022-38266-9bac3a71",
"deprecated": false
},
{
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "src/convolve.c",
"function": "pixBlockconvGray"
},
"source": "https://github.com/danbloomberg/leptonica/commit/f062b42c0ea8dddebdc6a152fd16152de215d614",
"digest": {
"length": 1527.0,
"function_hash": "323184524258691851030899488063032088414"
},
"id": "CVE-2022-38266-c76f3ee1",
"deprecated": false
},
{
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "src/convolve.c",
"function": "pixBlockconvGrayTile"
},
"source": "https://github.com/danbloomberg/leptonica/commit/f062b42c0ea8dddebdc6a152fd16152de215d614",
"digest": {
"length": 2194.0,
"function_hash": "39439380929416837345246590450696758342"
},
"id": "CVE-2022-38266-cb836c1d",
"deprecated": false
},
{
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "src/convolve.c",
"function": "pixBlockconvTiled"
},
"source": "https://github.com/danbloomberg/leptonica/commit/f062b42c0ea8dddebdc6a152fd16152de215d614",
"digest": {
"length": 2567.0,
"function_hash": "180701578817914977685385312801661336524"
},
"id": "CVE-2022-38266-e2b76f04",
"deprecated": false
},
{
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "src/convolve.c"
},
"source": "https://github.com/danbloomberg/leptonica/commit/f062b42c0ea8dddebdc6a152fd16152de215d614",
"digest": {
"line_hashes": [
"142687944739401579783131108414656574288",
"201034062270534434585309635036179873261",
"101783779189858749710641693804126539815",
"177744396246047488489194760855635114409",
"217589891281716741905835003467922133520",
"155683930248614161309172936765146549454",
"37506900475782981709958996936800992918",
"282478721701590122475323442718811071483",
"233011679236363123113219388198761283272",
"49392454193378923140811332590611124867",
"9067327562013312912910259027634227939",
"12883704884094609281377949045773782924",
"327218352251503874326669195827928492276",
"294121515046791657667602444602285262480",
"207142706606592774765602656220960572315",
"12222187284888431553617024287988557489",
"335708050602849182361241438808612780105",
"273190317129502251305573892345269088399",
"213879578030313125294466309702231906333",
"330758579395098673704251417818538732111",
"277634281680104543084564387921110093272",
"234399478704867573224167617820491456335",
"326992608877239575338370915842390145606",
"132519317142346173665876172504554225279",
"22967763679373302999880892390882686850",
"312050227442871115472828413956502599715",
"59751550462060623743221248628764117505",
"329430227547791698376518571957255319509",
"34033495885621572044534756974432024175",
"65526839783685569942649588610550413665",
"77172213489155824004775962567308884593",
"189574982104400772993845319624246771397",
"27022845058259732042057004757373641379",
"277634281680104543084564387921110093272",
"234399478704867573224167617820491456335",
"246330173764435942135663721713876577066",
"267402451749325548163667999315092784561",
"327923074142843513087545911780942418794",
"49392454193378923140811332590611124867",
"9067327562013312912910259027634227939",
"12883704884094609281377949045773782924",
"327218352251503874326669195827928492276",
"221428782169730216980215117190589113496",
"31073836214758061296356562278722204445",
"99977816857742590904248979134399984847",
"267239025807955049617846560215301477850",
"127108136492156484424137653987206393232",
"242807067124057227392065283883483273238",
"203847020159918041326901726742149685747",
"303951206095874250475428804308662388515",
"217589891281716741905835003467922133520",
"155683930248614161309172936765146549454",
"254293335870146152726450040941591846685",
"271133023252533924224536176015979280823",
"224617697264196646143856594971000659818",
"63222152649205545579919925561021139258",
"23806955609469060016949701792431265145",
"2243106916923003485090074722572399265",
"327218352251503874326669195827928492276",
"294121515046791657667602444602285262480",
"196227737742390761144735229993778786888",
"60610115532862508938111502255048473496",
"292041053284100144147188576584411216981",
"139655666406197187178269811872080222488",
"283063029091975466058256926695650597776",
"199434952921222096222325468973401162100",
"223910543448937513266648854872693316858",
"21485823792907979205906084238426050261",
"277634281680104543084564387921110093272",
"234399478704867573224167617820491456335",
"149274144685923177013481437625494919520",
"58043111826102603363978491591292522334",
"274766323238895867572016565634330636165",
"63222152649205545579919925561021139258",
"23806955609469060016949701792431265145",
"2243106916923003485090074722572399265",
"327218352251503874326669195827928492276",
"221428782169730216980215117190589113496",
"167931248247221954988336405880508340683",
"112938284272344783442952300490258812142",
"318260020435716496059788782436673968704"
],
"threshold": 0.9
},
"id": "CVE-2022-38266-f066cb69",
"deprecated": false
},
{
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "src/writefile.c",
"function": "pixSaveTiled"
},
"source": "https://github.com/danbloomberg/leptonica/commit/1ac72c93fef1a5eb76b76d6723d2aee843dd6e51",
"digest": {
"length": 544.0,
"function_hash": "180438311509628637530656543879059859147"
},
"id": "CVE-2022-38266-f79bcddc",
"deprecated": false
}
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-38266.json"