A flaw was found in pixHtmlViewer in prog/htmlviewer.c in Leptonica before 1.75.3. An Unsanitized input (rootname) can overflow a buffer, thus potentially leading to arbitrary code execution or possibly other unspecified impact. References: https://github.com/DanBloomberg/leptonica/pull/309 Patch: https://github.com/DanBloomberg/leptonica/commit/c1079bb8e77cdd426759e466729917ca37a3ed9f
Created leptonica tracking bugs for this issue: Affects: epel-all [bug 1547125] Affects: fedora-all [bug 1547126]
Created mingw-leptonica tracking bugs for this issue: Affects: fedora-all [bug 1547133]