CVE-2022-38266

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-38266
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-38266.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-38266
Downstream
Related
Published
2022-09-09T22:15:08Z
Modified
2025-10-15T14:08:02.726770Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An issue in the Leptonica linked library (v1.79.0) allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file.

References

Affected packages

Git / github.com/danbloomberg/leptonica

Affected ranges

Type
GIT
Repo
https://github.com/danbloomberg/leptonica
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
f062b42c0ea8dddebdc6a152fd16152de215d614

Affected versions

1.*

1.74.0
1.74.1
1.74.2
1.74.3
1.74.4
1.75.0
1.75.1
1.75.2
1.75.3
1.76.0
1.77.0
1.78.0
1.79.0
1.80.0

v1.*

v1.42
v1.44
v1.46
v1.48
v1.50
v1.52
v1.54
v1.56
v1.58
v1.60
v1.61
v1.62
v1.63
v1.64
v1.65
v1.66
v1.67
v1.68
v1.69
v1.70
v1.71
v1.72
v1.73
v1.74.3

Database specific

vanir_signatures

[
    {
        "digest": {
            "length": 1686.0,
            "function_hash": "59129913913116863254399662588375971480"
        },
        "target": {
            "function": "pixBlockconvGrayUnnormalized",
            "file": "src/convolve.c"
        },
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/danbloomberg/leptonica/commit/f062b42c0ea8dddebdc6a152fd16152de215d614",
        "id": "CVE-2022-38266-4c463b66"
    },
    {
        "digest": {
            "length": 1618.0,
            "function_hash": "194222966182329504728387874506443469864"
        },
        "target": {
            "function": "pixBlockconv",
            "file": "src/convolve.c"
        },
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/danbloomberg/leptonica/commit/f062b42c0ea8dddebdc6a152fd16152de215d614",
        "id": "CVE-2022-38266-91c838bd"
    },
    {
        "digest": {
            "length": 1527.0,
            "function_hash": "323184524258691851030899488063032088414"
        },
        "target": {
            "function": "pixBlockconvGray",
            "file": "src/convolve.c"
        },
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/danbloomberg/leptonica/commit/f062b42c0ea8dddebdc6a152fd16152de215d614",
        "id": "CVE-2022-38266-c76f3ee1"
    },
    {
        "digest": {
            "length": 2194.0,
            "function_hash": "39439380929416837345246590450696758342"
        },
        "target": {
            "function": "pixBlockconvGrayTile",
            "file": "src/convolve.c"
        },
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/danbloomberg/leptonica/commit/f062b42c0ea8dddebdc6a152fd16152de215d614",
        "id": "CVE-2022-38266-cb836c1d"
    },
    {
        "digest": {
            "length": 2567.0,
            "function_hash": "180701578817914977685385312801661336524"
        },
        "target": {
            "function": "pixBlockconvTiled",
            "file": "src/convolve.c"
        },
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/danbloomberg/leptonica/commit/f062b42c0ea8dddebdc6a152fd16152de215d614",
        "id": "CVE-2022-38266-e2b76f04"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "142687944739401579783131108414656574288",
                "201034062270534434585309635036179873261",
                "101783779189858749710641693804126539815",
                "177744396246047488489194760855635114409",
                "217589891281716741905835003467922133520",
                "155683930248614161309172936765146549454",
                "37506900475782981709958996936800992918",
                "282478721701590122475323442718811071483",
                "233011679236363123113219388198761283272",
                "49392454193378923140811332590611124867",
                "9067327562013312912910259027634227939",
                "12883704884094609281377949045773782924",
                "327218352251503874326669195827928492276",
                "294121515046791657667602444602285262480",
                "207142706606592774765602656220960572315",
                "12222187284888431553617024287988557489",
                "335708050602849182361241438808612780105",
                "273190317129502251305573892345269088399",
                "213879578030313125294466309702231906333",
                "330758579395098673704251417818538732111",
                "277634281680104543084564387921110093272",
                "234399478704867573224167617820491456335",
                "326992608877239575338370915842390145606",
                "132519317142346173665876172504554225279",
                "22967763679373302999880892390882686850",
                "312050227442871115472828413956502599715",
                "59751550462060623743221248628764117505",
                "329430227547791698376518571957255319509",
                "34033495885621572044534756974432024175",
                "65526839783685569942649588610550413665",
                "77172213489155824004775962567308884593",
                "189574982104400772993845319624246771397",
                "27022845058259732042057004757373641379",
                "277634281680104543084564387921110093272",
                "234399478704867573224167617820491456335",
                "246330173764435942135663721713876577066",
                "267402451749325548163667999315092784561",
                "327923074142843513087545911780942418794",
                "49392454193378923140811332590611124867",
                "9067327562013312912910259027634227939",
                "12883704884094609281377949045773782924",
                "327218352251503874326669195827928492276",
                "221428782169730216980215117190589113496",
                "31073836214758061296356562278722204445",
                "99977816857742590904248979134399984847",
                "267239025807955049617846560215301477850",
                "127108136492156484424137653987206393232",
                "242807067124057227392065283883483273238",
                "203847020159918041326901726742149685747",
                "303951206095874250475428804308662388515",
                "217589891281716741905835003467922133520",
                "155683930248614161309172936765146549454",
                "254293335870146152726450040941591846685",
                "271133023252533924224536176015979280823",
                "224617697264196646143856594971000659818",
                "63222152649205545579919925561021139258",
                "23806955609469060016949701792431265145",
                "2243106916923003485090074722572399265",
                "327218352251503874326669195827928492276",
                "294121515046791657667602444602285262480",
                "196227737742390761144735229993778786888",
                "60610115532862508938111502255048473496",
                "292041053284100144147188576584411216981",
                "139655666406197187178269811872080222488",
                "283063029091975466058256926695650597776",
                "199434952921222096222325468973401162100",
                "223910543448937513266648854872693316858",
                "21485823792907979205906084238426050261",
                "277634281680104543084564387921110093272",
                "234399478704867573224167617820491456335",
                "149274144685923177013481437625494919520",
                "58043111826102603363978491591292522334",
                "274766323238895867572016565634330636165",
                "63222152649205545579919925561021139258",
                "23806955609469060016949701792431265145",
                "2243106916923003485090074722572399265",
                "327218352251503874326669195827928492276",
                "221428782169730216980215117190589113496",
                "167931248247221954988336405880508340683",
                "112938284272344783442952300490258812142",
                "318260020435716496059788782436673968704"
            ]
        },
        "target": {
            "file": "src/convolve.c"
        },
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/danbloomberg/leptonica/commit/f062b42c0ea8dddebdc6a152fd16152de215d614",
        "id": "CVE-2022-38266-f066cb69"
    }
]