{"id":"CVE-2022-38266","details":"An issue in the Leptonica linked library (v1.79.0) allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file.","modified":"2026-04-12T05:05:47.294372Z","published":"2022-09-09T22:15:08.830Z","related":["MGASA-2022-0472"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"10.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"}]},"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00018.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202312-01"},{"type":"REPORT","url":"https://github.com/tesseract-ocr/tesseract/issues/3498"},{"type":"FIX","url":"https://github.com/DanBloomberg/leptonica/commit/f062b42c0ea8dddebdc6a152fd16152de215d614"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/danbloomberg/leptonica","events":[{"introduced":"0"},{"fixed":"1ac72c93fef1a5eb76b76d6723d2aee843dd6e51"},{"fixed":"f062b42c0ea8dddebdc6a152fd16152de215d614"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"1.80.0"}],"source":["CPE_FIELD","REFERENCES"],"cpe":"cpe:2.3:a:leptonica:leptonica:*:*:*:*:*:*:*:*"}}],"versions":["1.74.0","1.74.1","1.74.2","1.74.3","1.74.4","1.75.0","1.75.1","1.75.2","1.75.3","1.76.0","1.77.0","1.78.0","1.79.0","1.80.0","v1.42","v1.44","v1.46","v1.48","v1.50","v1.52","v1.54","v1.56","v1.58","v1.60","v1.61","v1.62","v1.63","v1.64","v1.65","v1.66","v1.67","v1.68","v1.69","v1.70","v1.71","v1.72","v1.73","v1.74.3"],"database_specific":{"vanir_signatures":[{"target":{"function":"pixBlockconvGrayUnnormalized","file":"src/convolve.c"},"id":"CVE-2022-38266-4c463b66","deprecated":false,"digest":{"length":1686,"function_hash":"59129913913116863254399662588375971480"},"signature_version":"v1","signature_type":"Function","source":"https://github.com/danbloomberg/leptonica/commit/f062b42c0ea8dddebdc6a152fd16152de215d614"},{"target":{"function":"pixSaveTiledOutline","file":"src/writefile.c"},"id":"CVE-2022-38266-4e166067","deprecated":false,"digest":{"length":2151,"function_hash":"222858898297859194060794536487657604718"},"signature_version":"v1","signature_type":"Function","source":"https://github.com/danbloomberg/leptonica/commit/1ac72c93fef1a5eb76b76d6723d2aee843dd6e51"},{"target":{"file":"src/writefile.c"},"id":"CVE-2022-38266-7878a3e9","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["71062267759714909252348090593844234556","97358072719284165189392170893531517432","301317317759245953588625345858371826055","62265654327906441521104646257649575358","207269623746465126863493617250051974480","213054983104096328696332740677714843767","105275085273569201920370165390215021858","38340088920289451107124175393972403026","9113138227959097645465941439285179527","4111592723007155595036886538810308299","97781248088056011640698607904627689088","74484671226634991667470442120316811390","253761626782854307962002115609073890392","187183657221129180758220836697949816218","46574432943433739278106365792165657011","273396866256614586075518406992790598460","295513790153078462153231921185831748119","131382178552060552096441612459281251532","140667745216844280532923469586221220692","38340088920289451107124175393972403026","66741564332115295234395807389488372647","132506284100450515925055260109635384650","15626914318538742461429884095452584110","56287396207953316054146703578191466799","20380751437460212616876253637222379980","163629621338973307058873800478052052441","25352595195574359417880041363482909448","335761481003546974218991746147851565011","5046790947822584954323697921934692994","56320650226837401789641792496571934451","16722415284511504649079254037155623744","232342567227214257526208001638129199617","173576210356171918807525706994591810305","243807738468509408460219795729349922854","330625691046730176786300782804018665942","219726525622754075676237923630304329781","119139650521512739463158732355403348911","215667919607160153155372984336961395051","239718795552571427566168858035350150579","7987558984567479218345146112537694020","33363232447793643447097582605938314341","174227686358294765452642687979267206268","282944405888060245442936280869587819214","136463978856502020036954520801951250098","89663810803968201105248913064998323902","319465531880607740424327917508776989344","70961496539031330404551052579537358957","50097023676545188792930153098625021049","298713818117629011068302864615537320891","17795467882971491010851540652232597940","183956941203145169005707606613799824267","160828791284281937599906299467130261719","97409445592432297045811281402826357005","139023614379140955860740449971104784948","229418005089612460385550913838939054263","238691219870813330421915352582384393272","206969213718509837465307982922312089301","267669098743028078120867503978775563817","324047436537294132143743488492109099135","50331507218899387210469534448264002000","182945048991490055313854425553974805451","175777624442155945688438649878319851773","336965900696302405653949472064898173356","116000985755283332901577877467218297391","150334520487414278834615100141773513244","256358039365454398039257690180032473336","90522913534650190870516759134685755856","312130806542216751680390873492744815729","71056638504990768084742787629662510964","222039460875439193892739393438584805773","82396013945408456795230577595056333782","277615823188644338749478633541077077349","73177740877961034671619940822526841244","182242737047980361896234253574204172597","270139666686017519128190972053982655060","280789038969911879819847274146700972684","127195894988458890005025375113590300632","224095711446903451089170268915435052378","249467641058294469451236898783224158761","34505517851144569534424389505926690917","181926339711443014290103475098225105304","134405640351810209701330033311676618685","85691735517347449311008818097392259383","129426273177754144750890090176668411102","204155612371349391517772476970283121692","237368390349372639166674219677674833981","18706634596854076763500127312040726691","265795668003857683217546574915109709168","192098695764790791807016310998743101529","50132205851043265482458091199236203873","329583298823061904764188849531103677626","321768222183286676830382411624171676657","102587916843189441473129335381922525478","161137528822882918063826466619031224998","15238058894799479718442650553975412386","171462317166403845265300963792830703964","331744892110334778297066182039374888344","326285890700357715306481830607670732752","123324534500294565774678219652286460623","288576427916736276951897063339480921283","137685248884094962831272445269326966955","259573223464972589894728003087633652679","12229016245657393565821281256763419903","271434579962706848000734217504209289591","194954709234320770596650361766011857023","42106648833517479078550596521203736027","278586902318726974416478788247158816089","39718064908596686921327949565597363579","321689676064398334586639265977019126404","172295762223456177805498932996843025950","171190226785773530665987430747253559223","70962918761805776992827304123417051261","243807738468509408460219795729349922854","128407842167289103363920487986283396306","30486387600434308231673102328328714167","279622566686338882656352513450053253867","256642794338437058535985324878029231406","161806651388242330758048499580591431458","305608186397194774266111296049997309825","339420659682533687962558130366211378928","71855633175038232396432775477005678562","249073138151195662472632059730126570547","132433570656101341823026047880048114214","6709710598048881714838137134275612892","308208083129171002052653631867087291248","296555942277343054565880265221298139606","131559545650161212223324363838998418440","64039125194452021872262519924401514682","118961055585304283145913797879143947388","247884008694609657141628299238743568397","171293053015680685936888175565534341639"]},"signature_version":"v1","signature_type":"Line","source":"https://github.com/danbloomberg/leptonica/commit/1ac72c93fef1a5eb76b76d6723d2aee843dd6e51"},{"target":{"function":"pixBlockconv","file":"src/convolve.c"},"id":"CVE-2022-38266-91c838bd","deprecated":false,"digest":{"length":1618,"function_hash":"194222966182329504728387874506443469864"},"signature_version":"v1","signature_type":"Function","source":"https://github.com/danbloomberg/leptonica/commit/f062b42c0ea8dddebdc6a152fd16152de215d614"},{"target":{"function":"pixSaveTiledWithText","file":"src/writefile.c"},"id":"CVE-2022-38266-9bac3a71","deprecated":false,"digest":{"length":1206,"function_hash":"12514325910757870363945626727973878167"},"signature_version":"v1","signature_type":"Function","source":"https://github.com/danbloomberg/leptonica/commit/1ac72c93fef1a5eb76b76d6723d2aee843dd6e51"},{"target":{"function":"pixBlockconvGray","file":"src/convolve.c"},"id":"CVE-2022-38266-c76f3ee1","deprecated":false,"digest":{"length":1527,"function_hash":"323184524258691851030899488063032088414"},"signature_version":"v1","signature_type":"Function","source":"https://github.com/danbloomberg/leptonica/commit/f062b42c0ea8dddebdc6a152fd16152de215d614"},{"target":{"function":"pixBlockconvGrayTile","file":"src/convolve.c"},"id":"CVE-2022-38266-cb836c1d","deprecated":false,"digest":{"length":2194,"function_hash":"39439380929416837345246590450696758342"},"signature_version":"v1","signature_type":"Function","source":"https://github.com/danbloomberg/leptonica/commit/f062b42c0ea8dddebdc6a152fd16152de215d614"},{"target":{"function":"pixBlockconvTiled","file":"src/convolve.c"},"id":"CVE-2022-38266-e2b76f04","deprecated":false,"digest":{"length":2567,"function_hash":"180701578817914977685385312801661336524"},"signature_version":"v1","signature_type":"Function","source":"https://github.com/danbloomberg/leptonica/commit/f062b42c0ea8dddebdc6a152fd16152de215d614"},{"target":{"file":"src/convolve.c"},"id":"CVE-2022-38266-f066cb69","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["142687944739401579783131108414656574288","201034062270534434585309635036179873261","101783779189858749710641693804126539815","177744396246047488489194760855635114409","217589891281716741905835003467922133520","155683930248614161309172936765146549454","37506900475782981709958996936800992918","282478721701590122475323442718811071483","233011679236363123113219388198761283272","49392454193378923140811332590611124867","9067327562013312912910259027634227939","12883704884094609281377949045773782924","327218352251503874326669195827928492276","294121515046791657667602444602285262480","207142706606592774765602656220960572315","12222187284888431553617024287988557489","335708050602849182361241438808612780105","273190317129502251305573892345269088399","213879578030313125294466309702231906333","330758579395098673704251417818538732111","277634281680104543084564387921110093272","234399478704867573224167617820491456335","326992608877239575338370915842390145606","132519317142346173665876172504554225279","22967763679373302999880892390882686850","312050227442871115472828413956502599715","59751550462060623743221248628764117505","329430227547791698376518571957255319509","34033495885621572044534756974432024175","65526839783685569942649588610550413665","77172213489155824004775962567308884593","189574982104400772993845319624246771397","27022845058259732042057004757373641379","277634281680104543084564387921110093272","234399478704867573224167617820491456335","246330173764435942135663721713876577066","267402451749325548163667999315092784561","327923074142843513087545911780942418794","49392454193378923140811332590611124867","9067327562013312912910259027634227939","12883704884094609281377949045773782924","327218352251503874326669195827928492276","221428782169730216980215117190589113496","31073836214758061296356562278722204445","99977816857742590904248979134399984847","267239025807955049617846560215301477850","127108136492156484424137653987206393232","242807067124057227392065283883483273238","203847020159918041326901726742149685747","303951206095874250475428804308662388515","217589891281716741905835003467922133520","155683930248614161309172936765146549454","254293335870146152726450040941591846685","271133023252533924224536176015979280823","224617697264196646143856594971000659818","63222152649205545579919925561021139258","23806955609469060016949701792431265145","2243106916923003485090074722572399265","327218352251503874326669195827928492276","294121515046791657667602444602285262480","196227737742390761144735229993778786888","60610115532862508938111502255048473496","292041053284100144147188576584411216981","139655666406197187178269811872080222488","283063029091975466058256926695650597776","199434952921222096222325468973401162100","223910543448937513266648854872693316858","21485823792907979205906084238426050261","277634281680104543084564387921110093272","234399478704867573224167617820491456335","149274144685923177013481437625494919520","58043111826102603363978491591292522334","274766323238895867572016565634330636165","63222152649205545579919925561021139258","23806955609469060016949701792431265145","2243106916923003485090074722572399265","327218352251503874326669195827928492276","221428782169730216980215117190589113496","167931248247221954988336405880508340683","112938284272344783442952300490258812142","318260020435716496059788782436673968704"]},"signature_version":"v1","signature_type":"Line","source":"https://github.com/danbloomberg/leptonica/commit/f062b42c0ea8dddebdc6a152fd16152de215d614"},{"target":{"function":"pixSaveTiled","file":"src/writefile.c"},"id":"CVE-2022-38266-f79bcddc","deprecated":false,"digest":{"length":544,"function_hash":"180438311509628637530656543879059859147"},"signature_version":"v1","signature_type":"Function","source":"https://github.com/danbloomberg/leptonica/commit/1ac72c93fef1a5eb76b76d6723d2aee843dd6e51"}],"vanir_signatures_modified":"2026-04-12T05:05:47Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-38266.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/tesseract-ocr/tesseract","events":[{"introduced":"0"},{"last_affected":"bfe1616b4eef525e4fc30405fc41260f40ffee5e"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"5.0.0-alpha\\-20210401"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:tesseract_project:tesseract:5.0.0:alpha-20210401:*:*:*:*:*:*"}}],"versions":["1.03","1.04","1.04b","2.00","2.01","2.02","2.03","2.04","3.00","3.01","3.02.02","3.03-rc1","3.04.00","3.05.00dev","4.0.0","4.0.0-alpha","4.0.0-beta.1","4.0.0-beta.3","4.0.0-beta.4","4.0.0-rc3","4.0.0-rc4","4.00.00alpha","4.00.00dev","4.1.0-rc1","5.0.0-alpha","5.0.0-alpha-20201224","5.0.0-alpha-20201231","5.0.0-alpha-20210401"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-38266.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}