Bug 1183433 (CVE-2020-36279)

Summary:	VUL-1: CVE-2020-36279: leptonica: heap-based buffer over-read in rasteropGeneralLow
Product:	[openSUSE] openSUSE Distribution	Reporter:	Alexander Bergmann <abergmann>
Component:	Basesystem	Assignee:	Kyrill Detinov <lazy.kent>
Status:	NEW ---	QA Contact:	Security Team bot <security-team>
Severity:	Minor
Priority:	P4 - Low
Version:	Leap 15.2
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/279694/
Whiteboard:
Found By:	Security Response Team	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Description Alexander Bergmann 2021-03-12 07:37:26 UTC

CVE-2020-36279

Leptonica before 1.80.0 allows a heap-based buffer over-read in
rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36279
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22512
https://github.com/DanBloomberg/leptonica/compare/1.79.0...1.80.0
https://github.com/DanBloomberg/leptonica/commit/3c18c43b6a3f753f0dfff99610d46ad46b8bfac4
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36279