DjVuLibre Project DjVuLibre 3.5.27

CPE Details

DjVuLibre Project DjVuLibre 3.5.27
djvulibre_project
djvulibre
3.5.27
2020-01-02
15h06 +00:00
2020-01-02
15h06 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:djvulibre_project:djvulibre:3.5.27:*:*:*:*:*:*:*

Informations

Vendor

djvulibre_project

Product

djvulibre

Version

3.5.27

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2021-3630 2021-06-30 11h27 +00:00 An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. This flaw affects DjVuLibre versions prior to 3.5.28.
5.5
Moyen
CVE-2021-32493 2021-06-24 16h24 +00:00 A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode() via crafted djvu file may lead to application crash and other consequences.
7.8
Haute
CVE-2021-32492 2021-06-24 16h21 +00:00 A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds read in function DJVU::DataPool::has_data() via crafted djvu file may lead to application crash and other consequences.
7.8
Haute
CVE-2021-32490 2021-06-24 16h18 +00:00 A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds write in function DJVU::filter_bv() via crafted djvu file may lead to application crash and other consequences.
7.8
Haute
CVE-2021-32491 2021-06-24 16h11 +00:00 A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow in function render() in tools/ddjvu via crafted djvu file may lead to application crash and other consequences.
7.8
Haute
CVE-2021-3500 2021-06-24 16h02 +00:00 A flaw was found in djvulibre-3.5.28 and earlier. A Stack overflow in function DJVU::DjVuDocument::get_djvu_file() via crafted djvu file may lead to application crash and other consequences.
7.8
Haute
CVE-2019-18804 2019-11-07 04h25 +00:00 DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp.
7.5
Haute
CVE-2019-15142 2019-08-18 16h30 +00:00 In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a DJVU file.
5.5
Moyen
CVE-2019-15143 2019-08-18 16h30 +00:00 In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp.
5.5
Moyen
CVE-2019-15144 2019-08-18 16h30 +00:00 In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled in libdjvu/GContainer.h.
5.5
Moyen
CVE-2019-15145 2019-08-18 16h30 +00:00 DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h.
5.5
Moyen