Arch Linux
Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download
issues
advisories
todo
stats
log
login
ASA-202105-18
log
original
external
raw
[ASA-202105-18] djvulibre: arbitrary code execution
Arch Linux Security Advisory ASA-202105-18 ========================================== Severity: Medium Date : 2021-05-25 CVE-ID :
CVE-2021-3500
CVE-2021-32490
CVE-2021-32491
CVE-2021-32492
CVE-2021-32493
Package :
djvulibre
Type : arbitrary code execution Remote : No Link :
https://security.archlinux.org/AVG-1899
Summary ======= The package
djvulibre
before version 3.5.28-3 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 3.5.28-3. # pacman -Syu "
djvulibre
>=3.5.28-3" The problems have been fixed upstream but no release is available yet. Workaround ========== None. Description =========== -
CVE-2021-3500
(arbitrary code execution) A security issue was found in
djvulibre
. A stack overflow in the function DJVU::DjVuDocument::get_djvu_file() may lead to an application crash and other consequences via a crafted djvu file. -
CVE-2021-32490
(arbitrary code execution) A security issue was found in
djvulibre
. An out of bounds write in the function DJVU::filter_bv() may lead to an application crash and other consequences via a crafted djvu file. -
CVE-2021-32491
(arbitrary code execution) A security issue was found in
djvulibre
. An integer overflow in the function render() in tools/ddjvu may lead to an application crash and other consequences via a crafted djvu file. -
CVE-2021-32492
(arbitrary code execution) A security issue was found in
djvulibre
. An out of bounds read in the function DJVU::DataPool::has_data() may lead to an application crash and other consequences via a crafted djvu file. -
CVE-2021-32493
(arbitrary code execution) A security issue was found in
djvulibre
. A heap buffer overflow in the function DJVU::GBitmap::decode() may lead to an application crash and other consequences via a crafted djvu file. Impact ====== An attacker could cause a crash, or possible execute arbitrary code, using a crafted djvu file. References ==========
https://bugs.archlinux.org/task/70787
https://bugzilla.redhat.com/show_bug.cgi?id=1943685
https://bugzilla.redhat.com/show_bug.cgi?id=1943411
https://src.fedoraproject.org/rpms/djvulibre/blob/rawhide/f/djvulibre-3.5.27-djvuport-stack-overflow.patch
https://bugzilla.redhat.com/show_bug.cgi?id=1943693
https://bugzilla.redhat.com/show_bug.cgi?id=1943408
https://bugzilla.redhat.com/attachment.cgi?id=1770184&action=diff
https://src.fedoraproject.org/rpms/djvulibre/blob/rawhide/f/djvulibre-3.5.27-check-image-size.patch
https://bugzilla.redhat.com/show_bug.cgi?id=1943684
https://bugzilla.redhat.com/show_bug.cgi?id=1943409
https://bugzilla.redhat.com/attachment.cgi?id=1770218&action=diff
https://src.fedoraproject.org/rpms/djvulibre/blob/4b8d9b4bcb10c24739ca2dcd68a7fba4abe90860/f/djvulibre-3.5.27-integer-overflow.patch
https://bugzilla.redhat.com/show_bug.cgi?id=1943686
https://bugzilla.redhat.com/show_bug.cgi?id=1943410
https://bugzilla.redhat.com/attachment.cgi?id=1770220&action=diff
https://src.fedoraproject.org/rpms/djvulibre/blob/rawhide/f/djvulibre-3.5.27-check-input-pool.patch
https://bugzilla.redhat.com/show_bug.cgi?id=1943690
https://bugzilla.redhat.com/show_bug.cgi?id=1943424
https://bugzilla.redhat.com/attachment.cgi?id=1774554&action=diff
https://src.fedoraproject.org/rpms/djvulibre/blob/rawhide/f/djvulibre-3.5.27-unsigned-short-overflow.patch
https://security.archlinux.org/CVE-2021-3500
https://security.archlinux.org/CVE-2021-32490
https://security.archlinux.org/CVE-2021-32491
https://security.archlinux.org/CVE-2021-32492
https://security.archlinux.org/CVE-2021-32493