CVE-2020-36281
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-36281
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36281.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-36281
- Downstream
- Related
- Published
- 2021-03-12T01:15:12Z
- Modified
- 2025-10-21T05:53:57.237403Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c.
- References
-
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22140
- https://github.com/DanBloomberg/leptonica/commit/5ee24b398bb67666f6d173763eaaedd9c36fb1e5
- https://github.com/DanBloomberg/leptonica/compare/1.79.0...1.80.0
- https://lists.debian.org/debian-lts-announce/2021/03/msg00037.html
- https://security.gentoo.org/glsa/202107-53
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQUEA2X6UTH4DMYCMZAWE2QQLN5YANUA/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RD5AIWHWE334HGYZJR2U3I3JYKSSO2LW/
Affected packages
Git / github.com/danbloomberg/leptonica
Affected ranges
- Type
- GIT
- Repo
- https://github.com/danbloomberg/leptonica
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.74.0
1.74.1
1.74.2
1.74.3
1.74.4
1.75.0
1.75.1
1.75.2
1.75.3
1.76.0
1.77.0
1.78.0
1.79.0
v1.*
v1.42
v1.44
v1.46
v1.48
v1.50
v1.52
v1.54
v1.56
v1.58
v1.60
v1.61
v1.62
v1.63
v1.64
v1.65
v1.66
v1.67
v1.68
v1.69
v1.70
v1.71
v1.72
v1.73
v1.74.3
Database specific
vanir_signatures
[
{
"source": "https://github.com/danbloomberg/leptonica/commit/5ee24b398bb67666f6d173763eaaedd9c36fb1e5",
"target": {
"function": "pixFewColorsOctcubeQuantMixed",
"file": "src/colorquant1.c"
},
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2020-36281-2a31c4bf",
"digest": {
"function_hash": "137720579056761129431122090688794822280",
"length": 2230.0
},
"signature_type": "Function"
},
{
"source": "https://github.com/danbloomberg/leptonica/commit/5ee24b398bb67666f6d173763eaaedd9c36fb1e5",
"target": {
"file": "src/colorquant1.c"
},
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2020-36281-8673505a",
"digest": {
"line_hashes": [
"235192948415574869261478969795863729665",
"88535004939424933844178503462582762294",
"141798957895417634311087600950342099689",
"30732697983296527819897672159956548443",
"47564440560045519040319772547856215622",
"135724435681094057024484866105448360916",
"205891709256487112822424975114785007185",
"222247342120702118308525358050660833558",
"75358991503455113481714351445446229776"
],
"threshold": 0.9
},
"signature_type": "Line"
}
]