{"id":"CVE-2020-36279","details":"Leptonica before 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c.","modified":"2026-04-12T00:00:40.898213Z","published":"2021-03-12T00:15:12.723Z","related":["MGASA-2021-0290"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","extracted_events":[{"last_affected":"9.0"}],"cpe":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"32"}],"cpe":"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"33"}],"cpe":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQUEA2X6UTH4DMYCMZAWE2QQLN5YANUA/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RD5AIWHWE334HGYZJR2U3I3JYKSSO2LW/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/03/msg00037.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202107-53"},{"type":"REPORT","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22512"},{"type":"FIX","url":"https://github.com/DanBloomberg/leptonica/commit/3c18c43b6a3f753f0dfff99610d46ad46b8bfac4"},{"type":"FIX","url":"https://github.com/DanBloomberg/leptonica/compare/1.79.0...1.80.0"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/danbloomberg/leptonica","events":[{"introduced":"0"},{"fixed":"1ac72c93fef1a5eb76b76d6723d2aee843dd6e51"},{"fixed":"3c18c43b6a3f753f0dfff99610d46ad46b8bfac4"}],"database_specific":{"source":["CPE_FIELD","REFERENCES"],"extracted_events":[{"introduced":"0"},{"fixed":"1.80.0"}],"cpe":"cpe:2.3:a:leptonica:leptonica:*:*:*:*:*:*:*:*"}}],"versions":["1.74.0","1.74.1","1.74.2","1.74.3","1.74.4","1.75.0","1.75.1","1.75.2","1.75.3","1.76.0","1.77.0","1.78.0","1.79.0","v1.42","v1.44","v1.46","v1.48","v1.50","v1.52","v1.54","v1.56","v1.58","v1.60","v1.61","v1.62","v1.63","v1.64","v1.65","v1.66","v1.67","v1.68","v1.69","v1.70","v1.71","v1.72","v1.73","v1.74.3"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-36279.json","vanir_signatures":[{"signature_type":"Line","id":"CVE-2020-36279-0f687907","digest":{"threshold":0.9,"line_hashes":["81362234758130259267495613206735799961","15054280619941316691295314135288133102","4484148558191465594377915315605304042","194116013181746154125110216386605662260","61436161517752551309149596138420846069","190629107909838298901739338819580856406","156224939853568161350418904742996119544","124838404770538372858216803072222169682","253178892643778549093628888708981609734","5447494740761107717429061568320181144","227391905129093544452026576698844234531","148460964464645779829944294415425892486","221529814847440045212658527393564918667","26534482425209092818882778311231032359","5946677257847315731485435979595474415","27468411687633853649108371839785675795","140781049839103246903129433736467316025","107854278387746934718769748566364076821","188989353152932952740290027728566262253","192773605756823461569340226660705364461","71541299679424350352581067714700109211","217203401813387453161843241428047855610","259151313123775840393781461407936430687","70832926510622731366537038324344677376"]},"deprecated":false,"target":{"file":"src/adaptmap.c"},"source":"https://github.com/danbloomberg/leptonica/commit/3c18c43b6a3f753f0dfff99610d46ad46b8bfac4","signature_version":"v1"},{"signature_type":"Function","id":"CVE-2020-36279-4e166067","digest":{"length":2151,"function_hash":"222858898297859194060794536487657604718"},"deprecated":false,"target":{"file":"src/writefile.c","function":"pixSaveTiledOutline"},"source":"https://github.com/danbloomberg/leptonica/commit/1ac72c93fef1a5eb76b76d6723d2aee843dd6e51","signature_version":"v1"},{"signature_type":"Line","id":"CVE-2020-36279-7878a3e9","digest":{"threshold":0.9,"line_hashes":["71062267759714909252348090593844234556","97358072719284165189392170893531517432","301317317759245953588625345858371826055","62265654327906441521104646257649575358","207269623746465126863493617250051974480","213054983104096328696332740677714843767","105275085273569201920370165390215021858","38340088920289451107124175393972403026","9113138227959097645465941439285179527","4111592723007155595036886538810308299","97781248088056011640698607904627689088","74484671226634991667470442120316811390","253761626782854307962002115609073890392","187183657221129180758220836697949816218","46574432943433739278106365792165657011","273396866256614586075518406992790598460","295513790153078462153231921185831748119","131382178552060552096441612459281251532","140667745216844280532923469586221220692","38340088920289451107124175393972403026","66741564332115295234395807389488372647","132506284100450515925055260109635384650","15626914318538742461429884095452584110","56287396207953316054146703578191466799","20380751437460212616876253637222379980","163629621338973307058873800478052052441","25352595195574359417880041363482909448","335761481003546974218991746147851565011","5046790947822584954323697921934692994","56320650226837401789641792496571934451","16722415284511504649079254037155623744","232342567227214257526208001638129199617","173576210356171918807525706994591810305","243807738468509408460219795729349922854","330625691046730176786300782804018665942","219726525622754075676237923630304329781","119139650521512739463158732355403348911","215667919607160153155372984336961395051","239718795552571427566168858035350150579","7987558984567479218345146112537694020","33363232447793643447097582605938314341","174227686358294765452642687979267206268","282944405888060245442936280869587819214","136463978856502020036954520801951250098","89663810803968201105248913064998323902","319465531880607740424327917508776989344","70961496539031330404551052579537358957","50097023676545188792930153098625021049","298713818117629011068302864615537320891","17795467882971491010851540652232597940","183956941203145169005707606613799824267","160828791284281937599906299467130261719","97409445592432297045811281402826357005","139023614379140955860740449971104784948","229418005089612460385550913838939054263","238691219870813330421915352582384393272","206969213718509837465307982922312089301","267669098743028078120867503978775563817","324047436537294132143743488492109099135","50331507218899387210469534448264002000","182945048991490055313854425553974805451","175777624442155945688438649878319851773","336965900696302405653949472064898173356","116000985755283332901577877467218297391","150334520487414278834615100141773513244","256358039365454398039257690180032473336","90522913534650190870516759134685755856","312130806542216751680390873492744815729","71056638504990768084742787629662510964","222039460875439193892739393438584805773","82396013945408456795230577595056333782","277615823188644338749478633541077077349","73177740877961034671619940822526841244","182242737047980361896234253574204172597","270139666686017519128190972053982655060","280789038969911879819847274146700972684","127195894988458890005025375113590300632","224095711446903451089170268915435052378","249467641058294469451236898783224158761","34505517851144569534424389505926690917","181926339711443014290103475098225105304","134405640351810209701330033311676618685","85691735517347449311008818097392259383","129426273177754144750890090176668411102","204155612371349391517772476970283121692","237368390349372639166674219677674833981","18706634596854076763500127312040726691","265795668003857683217546574915109709168","192098695764790791807016310998743101529","50132205851043265482458091199236203873","329583298823061904764188849531103677626","321768222183286676830382411624171676657","102587916843189441473129335381922525478","161137528822882918063826466619031224998","15238058894799479718442650553975412386","171462317166403845265300963792830703964","331744892110334778297066182039374888344","326285890700357715306481830607670732752","123324534500294565774678219652286460623","288576427916736276951897063339480921283","137685248884094962831272445269326966955","259573223464972589894728003087633652679","12229016245657393565821281256763419903","271434579962706848000734217504209289591","194954709234320770596650361766011857023","42106648833517479078550596521203736027","278586902318726974416478788247158816089","39718064908596686921327949565597363579","321689676064398334586639265977019126404","172295762223456177805498932996843025950","171190226785773530665987430747253559223","70962918761805776992827304123417051261","243807738468509408460219795729349922854","128407842167289103363920487986283396306","30486387600434308231673102328328714167","279622566686338882656352513450053253867","256642794338437058535985324878029231406","161806651388242330758048499580591431458","305608186397194774266111296049997309825","339420659682533687962558130366211378928","71855633175038232396432775477005678562","249073138151195662472632059730126570547","132433570656101341823026047880048114214","6709710598048881714838137134275612892","308208083129171002052653631867087291248","296555942277343054565880265221298139606","131559545650161212223324363838998418440","64039125194452021872262519924401514682","118961055585304283145913797879143947388","247884008694609657141628299238743568397","171293053015680685936888175565534341639"]},"deprecated":false,"target":{"file":"src/writefile.c"},"source":"https://github.com/danbloomberg/leptonica/commit/1ac72c93fef1a5eb76b76d6723d2aee843dd6e51","signature_version":"v1"},{"signature_type":"Function","id":"CVE-2020-36279-9bac3a71","digest":{"length":1206,"function_hash":"12514325910757870363945626727973878167"},"deprecated":false,"target":{"file":"src/writefile.c","function":"pixSaveTiledWithText"},"source":"https://github.com/danbloomberg/leptonica/commit/1ac72c93fef1a5eb76b76d6723d2aee843dd6e51","signature_version":"v1"},{"signature_type":"Line","id":"CVE-2020-36279-a6580782","digest":{"threshold":0.9,"line_hashes":["251080162832739455055086194993365489746","278959414217726688398710928210603099349","311618609443677437183392513070277862815","247643165702865339534003287410435872469","950038527228425020767740406403569545","78110287343001215417252741184989350864","321005428403349581721758778492774082875","8682276939122052570369527198793009584","85033190611370556181421272383173214860","266958059609866074794911674942116347303"]},"deprecated":false,"target":{"file":"prog/adaptmap_reg.c"},"source":"https://github.com/danbloomberg/leptonica/commit/3c18c43b6a3f753f0dfff99610d46ad46b8bfac4","signature_version":"v1"},{"signature_type":"Function","id":"CVE-2020-36279-ac157feb","digest":{"length":3779,"function_hash":"291789165111310121023139458138873534538"},"deprecated":false,"target":{"file":"prog/adaptmap_reg.c","function":"main"},"source":"https://github.com/danbloomberg/leptonica/commit/3c18c43b6a3f753f0dfff99610d46ad46b8bfac4","signature_version":"v1"},{"signature_type":"Function","id":"CVE-2020-36279-c55acdcb","digest":{"length":2065,"function_hash":"259320765935123524631508081266883726555"},"deprecated":false,"target":{"file":"src/adaptmap.c","function":"pixFillMapHoles"},"source":"https://github.com/danbloomberg/leptonica/commit/3c18c43b6a3f753f0dfff99610d46ad46b8bfac4","signature_version":"v1"},{"signature_type":"Function","id":"CVE-2020-36279-f79bcddc","digest":{"length":544,"function_hash":"180438311509628637530656543879059859147"},"deprecated":false,"target":{"file":"src/writefile.c","function":"pixSaveTiled"},"source":"https://github.com/danbloomberg/leptonica/commit/1ac72c93fef1a5eb76b76d6723d2aee843dd6e51","signature_version":"v1"}],"vanir_signatures_modified":"2026-04-12T00:00:40Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}