Description
jiNa OCR Image to Text 1.0 contains a denial of service vulnerability that allows local attackers to crash the application by processing a malformed PNG file. Attackers can create a specially crafted PNG file with an oversized buffer and trigger the crash when the application attempts to convert the file to PDF.
Published: 2026-04-26
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Update
AI Analysis

Impact

A local attacker can induce a denial of service by creating a specially crafted PNG file with an oversized buffer. When the jiNa OCR Image to Text 1.0 application attempts to convert this file to PDF, the buffer overflow causes the program to crash, resulting in an outage. The weakness is an Out‑of‑Bounds Buffer Access, classified as CWE‑789.

Affected Systems

The vulnerability affects the jiNa OCR Image to Text application compiled in version 1.0, as distributed by Convertimagetotext. No other versions or product lines are referenced in the advisory.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate impact. The EPSS score is listed as less than 1%, suggesting that exploitation is very unlikely in the wild. The vulnerability is not included in the CISA KEV catalog. Attackers must have local access to the system running the application; remote exploitation is not described in the data. There are no publicly known exploits beyond the exploit‑db reference, so the attack path requires an attacker with a foothold on the machine to supply the malformed PNG.

Generated by OpenCVE AI on April 28, 2026 at 13:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest version of jiNa OCR Image to Text if a patch is available from Convertimagetotext.
  • Limit access to the application so that only trusted users can run it and provide image files.
  • Validate or sanitise PNG files before they reach the OCR process, rejecting files that exceed reasonable size limits.

Generated by OpenCVE AI on April 28, 2026 at 13:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Convertimagetotext
Convertimagetotext jina Ocr Image To Text
Vendors & Products Convertimagetotext
Convertimagetotext jina Ocr Image To Text

Mon, 27 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sun, 26 Apr 2026 13:30:00 +0000

Type Values Removed Values Added
Description jiNa OCR Image to Text 1.0 contains a denial of service vulnerability that allows local attackers to crash the application by processing a malformed PNG file. Attackers can create a specially crafted PNG file with an oversized buffer and trigger the crash when the application attempts to convert the file to PDF.
Title jiNa OCR Image to Text 1.0 Denial of Service via PNG
Weaknesses CWE-789
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Convertimagetotext Jina Ocr Image To Text
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-27T14:05:39.944Z

Reserved: 2026-04-26T13:01:36.569Z

Link: CVE-2018-25279

cve-icon Vulnrichment

Updated: 2026-04-27T14:05:24.143Z

cve-icon NVD

Status : Deferred

Published: 2026-04-26T22:17:28.547

Modified: 2026-04-27T18:55:32.883

Link: CVE-2018-25279

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T13:30:32Z

Weaknesses