CVE-2018-3836

CVSS v3 Score: 7.0 (High)
CVSS v2 Score: 7.2 (High)

Vulnerability Description

An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that passes attacker data to this function to trigger this vulnerability.

CVSS: 7.0 (High)

A vulnerability in the command-line interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker with read-only credentials to inject arbitrary commands that ...

CWE-78, 2019

CVSS: 7.0 (High)

In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.

CWE-78, 2021

CVSS: 7.0 (High)

The @diez/generation npm package is a client for Diez. The locateFont method of @diez/generation has a command injection vulnerability. Clients of the @diez/generation library are unlikely to be aware...

CWE-78, 2021

CVSS: 7.0 (High)

Stripe CLI is a command-line tool for the Stripe eCommerce platform. A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. T...

CWE-78, 2022

CVSS: 7.0 (High)

OS Command Injection in GitHub repository jgraph/drawio prior to 20.3.0.

CWE-78, 2022

CVSS: 7.1 (High)

A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an ...

CWE-78, 2017