CVE-2022-38266
Publication date 9 September 2022
Last updated 16 January 2026
Ubuntu priority
Description
An issue in the Leptonica linked library (v1.79.0) allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| leptonlib | 26.04 LTS resolute |
Not affected
|
| 25.10 questing |
Not affected
|
|
| 24.04 LTS noble |
Not affected
|
|
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Vulnerable
|
|
| 16.04 LTS xenial | Ignored end of standard support | |
| 14.04 LTS trusty |
Vulnerable
|
|
| tesseract | 26.04 LTS resolute |
Not affected
|
| 25.10 questing |
Not affected
|
|
| 24.04 LTS noble |
Not affected
|
|
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Vulnerable
|
|
| 16.04 LTS xenial | Ignored end of standard support | |
| 14.04 LTS trusty |
Vulnerable
|
Notes
bruce-cable
Tesseract needs a rebuild once leptonica is patched
john-breton
Only fix needed for tesseract is a rebuild once leptonlib is patched. Only bionic and lower were built against the vulnerable version leptonlib (libtonica).
Severity score breakdown
CVSS version: CVSS v3.0
Base score
6.5 · Medium
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H