{"schema_version":"1.7.2","id":"OESA-2023-1134","modified":"2023-03-04T11:04:59Z","published":"2023-03-04T11:04:59Z","upstream":["CVE-2022-38266"],"summary":"leptonica security update","details":"The library supports many operations that are useful on\n\t\t* Document images\n\t\t* Natural images\n\t\tFundamental image processing and image analysis operations\n\t\t* Rasterop (aka bitblt)\n\t\t* Affine transforms (scaling, translation, rotation, shear)on images of arbitrary pixel depth\n\t\t* Projective and bi-linear transforms\n\t\t* Binary and gray scale morphology, rank order filters, and convolution\n\t\t* Seed-fill and connected components\n\t\t* Image transformations with changes in pixel depth, both at the same scale and with scale change\n\t\t* Pixelwise masking, blending, enhancement, arithmetic ops,etc.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue in the Leptonica linked library (v1.79.0) allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file.(CVE-2022-38266)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"leptonica","purl":"pkg:rpm/openEuler/leptonica\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.79.0-3.oe1"}]}],"ecosystem_specific":{"aarch64":["leptonica-tools-1.79.0-3.oe1.aarch64.rpm","leptonica-debugsource-1.79.0-3.oe1.aarch64.rpm","leptonica-debuginfo-1.79.0-3.oe1.aarch64.rpm","leptonica-1.79.0-3.oe1.aarch64.rpm","leptonica-devel-1.79.0-3.oe1.aarch64.rpm"],"src":["leptonica-1.79.0-3.oe1.src.rpm"],"x86_64":["leptonica-1.79.0-3.oe1.x86_64.rpm","leptonica-devel-1.79.0-3.oe1.x86_64.rpm","leptonica-debugsource-1.79.0-3.oe1.x86_64.rpm","leptonica-debuginfo-1.79.0-3.oe1.x86_64.rpm","leptonica-tools-1.79.0-3.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP3","name":"leptonica","purl":"pkg:rpm/openEuler/leptonica\u0026distro=openEuler-20.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.79.0-3.oe1"}]}],"ecosystem_specific":{"aarch64":["leptonica-tools-1.79.0-3.oe1.aarch64.rpm","leptonica-debuginfo-1.79.0-3.oe1.aarch64.rpm","leptonica-devel-1.79.0-3.oe1.aarch64.rpm","leptonica-1.79.0-3.oe1.aarch64.rpm","leptonica-debugsource-1.79.0-3.oe1.aarch64.rpm"],"src":["leptonica-1.79.0-3.oe1.src.rpm"],"x86_64":["leptonica-devel-1.79.0-3.oe1.x86_64.rpm","leptonica-debuginfo-1.79.0-3.oe1.x86_64.rpm","leptonica-tools-1.79.0-3.oe1.x86_64.rpm","leptonica-debugsource-1.79.0-3.oe1.x86_64.rpm","leptonica-1.79.0-3.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS","name":"leptonica","purl":"pkg:rpm/openEuler/leptonica\u0026distro=openEuler-22.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.79.0-3.oe2203sp1"}]}],"ecosystem_specific":{"aarch64":["leptonica-debugsource-1.79.0-3.oe2203.aarch64.rpm","leptonica-tools-1.79.0-3.oe2203.aarch64.rpm","leptonica-1.79.0-3.oe2203.aarch64.rpm","leptonica-debuginfo-1.79.0-3.oe2203.aarch64.rpm","leptonica-devel-1.79.0-3.oe2203.aarch64.rpm","leptonica-tools-1.79.0-3.oe2203sp1.aarch64.rpm","leptonica-devel-1.79.0-3.oe2203sp1.aarch64.rpm","leptonica-debuginfo-1.79.0-3.oe2203sp1.aarch64.rpm","leptonica-1.79.0-3.oe2203sp1.aarch64.rpm","leptonica-debugsource-1.79.0-3.oe2203sp1.aarch64.rpm"],"src":["leptonica-1.79.0-3.oe2203.src.rpm","leptonica-1.79.0-3.oe2203sp1.src.rpm"],"x86_64":["leptonica-devel-1.79.0-3.oe2203.x86_64.rpm","leptonica-1.79.0-3.oe2203.x86_64.rpm","leptonica-tools-1.79.0-3.oe2203.x86_64.rpm","leptonica-debugsource-1.79.0-3.oe2203.x86_64.rpm","leptonica-debuginfo-1.79.0-3.oe2203.x86_64.rpm","leptonica-debugsource-1.79.0-3.oe2203sp1.x86_64.rpm","leptonica-1.79.0-3.oe2203sp1.x86_64.rpm","leptonica-debuginfo-1.79.0-3.oe2203sp1.x86_64.rpm","leptonica-tools-1.79.0-3.oe2203sp1.x86_64.rpm","leptonica-devel-1.79.0-3.oe2203sp1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS-SP1","name":"leptonica","purl":"pkg:rpm/openEuler/leptonica\u0026distro=openEuler-22.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.79.0-3.oe2203sp1"}]}],"ecosystem_specific":{"aarch64":["leptonica-tools-1.79.0-3.oe2203sp1.aarch64.rpm","leptonica-devel-1.79.0-3.oe2203sp1.aarch64.rpm","leptonica-debuginfo-1.79.0-3.oe2203sp1.aarch64.rpm","leptonica-1.79.0-3.oe2203sp1.aarch64.rpm","leptonica-debugsource-1.79.0-3.oe2203sp1.aarch64.rpm"],"src":["leptonica-1.79.0-3.oe2203sp1.src.rpm"],"x86_64":["leptonica-debugsource-1.79.0-3.oe2203sp1.x86_64.rpm","leptonica-1.79.0-3.oe2203sp1.x86_64.rpm","leptonica-debuginfo-1.79.0-3.oe2203sp1.x86_64.rpm","leptonica-tools-1.79.0-3.oe2203sp1.x86_64.rpm","leptonica-devel-1.79.0-3.oe2203sp1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1134"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-38266"}],"database_specific":{"severity":"Medium"}}