Debian-LTS has issued an advisory on December 8: https://www.debian.org/lts/security/2022/dla-3233 The issue is fixed upstream in 1.81.0.
Status comment: (none) => Fixed upstream in 1.81.0
Thanks David.
Packages: leptonica-1.81.0 mingw-leptonica-1.81.0 have been submitted to 8/updates_testing ########################## Advisory: This update fixes a denial of service vulnerability in leptonlib. It can be made to crash with an arithmetic exception on specially crafted JPEG files. Reported in CVE-2022-38266. ########################## References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38266 https://bugs.mageia.org/show_bug.cgi?id=31266 https://www.debian.org/lts/security/2022/dla-3233 ########################## Affected files: lib64leptonica-devel-1.81.0-1.mga8.x86_64.rpm lib64leptonica5-1.81.0-1.mga8.x86_64.rpm lib64leptonica5-debuginfo-1.81.0-1.mga8.x86_64.rpm leptonica-debugsource-1.81.0-1.mga8.x86_64.rpm libleptonica-devel-1.81.0-1.mga8.i586.rpm libleptonica5-1.81.0-1.mga8.i586.rpm libleptonica5-debuginfo-1.81.0-1.mga8.i586.rpm leptonica-debugsource-1.81.0-1.mga8.i586.rpm mingw32-leptonica-debuginfo-1.81.0-1.mga8.noarch.rpm mingw64-leptonica-debuginfo-1.81.0-1.mga8.noarch.rpm mingw32-leptonica-static-1.81.0-1.mga8.noarch.rpm mingw32-leptonica-1.81.0-1.mga8.noarch.rpm mingw64-leptonica-1.81.0-1.mga8.noarch.rpm mingw64-leptonica-static-1.81.0-1.mga8.noarch.rpm From: leptonica-1.81.0-1.mga8.src.rpm mingw-leptonica-1.81.0-1.mga8.src.rpm
Assignee: zen25000 => qa-bugs
CC: (none) => zen25000Status comment: Fixed upstream in 1.81.0 => (none)
mingw64-leptonica-1.81.0-1.mga8 mingw32-leptonica-1.81.0-1.mga8 mingw32-leptonica-static-1.81.0-1.mga8 mingw64-leptonica-static-1.81.0-1.mga8 libleptonica-devel-1.81.0-1.mga8 libleptonica5-1.81.0-1.mga8 from SRPMS: leptonica-1.81.0-1.mga8.src.rpm mingw-leptonica-1.81.0-1.mga8.src.rpm
MGA8-64 MATE on Acer Aspire 5253 No installation issues, just taking the 64-versions and omitting the debug packages. Ref. bug 28994 Comment 4, using Len's test file $ tesseract test.tiff test1 --psm 4 Tesseract Open Source OCR Engine v4.1.1 with Leptonica Page 1 and getting the same result with the same remark on alignment So OK for me.
Whiteboard: (none) => MGA8-64-OKCC: (none) => herman.viaene
Validating. Advisory in Comment 2.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0472.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED