Univention Bugzilla – Bug 53352
djvulibre: Multiple issues (4.4)
Last modified: 2021-06-02 17:09:37 CEST
New Debian djvulibre 3.5.27.1-7+deb9u1 fixes: This update addresses the following issues: * In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a DJVU file. (CVE-2019-15142) * In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp. (CVE-2019-15143) * In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled in libdjvu/GContainer.h. (CVE-2019-15144) * DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h. (CVE-2019-15145) * DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp. (CVE-2019-18804) * djvulibre (CVE-2021-3500) * djvulibre (CVE-2021-32490) * djvulibre (CVE-2021-32491) * djvulibre (CVE-2021-32492) * djvulibre (CVE-2021-32493)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/djvulibre_3.5.27.1-7.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/djvulibre_3.5.27.1-7+deb9u1.dsc @@ -1,3 +1,17 @@ +3.5.27.1-7+deb9u1 [Tue, 25 May 2021 18:02:31 +0200] Sylvain Beucler <beuc@debian.org>: + + * Non-maintainer upload by the LTS Security Team. + * CVE-2019-15142: heap-buffer-overflow when reading a crafted file + * CVE-2019-15143: infinite loop that can be triggered by crafted file + * CVE-2019-15144: stack-overflow error when processing a crafted file + * CVE-2019-15145: invalid read error when reading a crafted file + * CVE-2019-18804: NULL pointer dereference issue in the IW44 encoder/decoder + * CVE-2021-3500: stack overflow in DJVU::DjVuDocument::get_djvu_file() + * CVE-2021-32490: out of bounds write in function DJVU::filter_bv() + * CVE-2021-32491: integer overflow in function render() in tools/ddjvu + * CVE-2021-32492: out of bounds read in function DJVU::DataPool::has_data() + * CVE-2021-32493: heap buffer overflow in function DJVU::GBitmap::decode() + 3.5.27.1-7 [Thu, 03 Nov 2016 11:03:32 +0000] Barak A. Pearlmutter <bap@debian.org>: * bump to debhelper 10 <http://piuparts.knut.univention.de/4.4-8/#517060050372304805>
OK: yaml OK: announce_errata OK: patch OK: piuparts
<https://errata.software-univention.de/#/?erratum=4.4x984>