Integer overflow in the readpgm function in pnm.c for GOCR 0.40, when using the netpbm library, allows remote attackers to execute arbitrary code via a PNM file with large width and height values, which leads to a heap-based buffer overflow.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| optical_character_recognition_project | optical_character_recognition | 0.40 |
A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in measure_pitch() in pgm2asc.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| optical_character_recognition_project | optical_character_recognition | * |
An use-after-free vulnerability was discovered in gocr through 0.53-20200802 in context_correction() in pgm2asc.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| optical_character_recognition_project | optical_character_recognition | * |
A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in try_to_divide_boxes() in pgm2asc.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| optical_character_recognition_project | optical_character_recognition | * |