Vulnerability Details : CVE-2021-36081
Potential exploit
Tesseract OCR 5.0.0-alpha-20201231 has a one_ell_conflict use-after-free during a strpbrk call.
Vulnerability category: Memory Corruption
Products affected by CVE-2021-36081
- cpe:2.3:a:tesseract_ocr_project:tesseract_ocr:5.0.0:alpha-20201231:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-36081
0.13%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 49 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-36081
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2021-36081
-
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-36081
-
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29698
29698 - tesseract-ocr:fuzzer-api-512x256: Heap-use-after-free in __libcpp_strpbrk - oss-fuzzExploit;Issue Tracking;Patch;Third Party Advisory
-
https://github.com/tesseract-ocr/tesseract/commit/e6f15621c2ab2ecbfabf656942d8ef66f03b2d55
Remove Python training scripts which were moved to tesstrain · tesseract-ocr/tesseract@e6f1562 · GitHubPatch;Third Party Advisory
-
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/tesseract-ocr/OSV-2021-211.yaml
oss-fuzz-vulns/OSV-2021-211.yaml at main · google/oss-fuzz-vulns · GitHubThird Party Advisory
Jump to