MGASA-2021-0247

See a problem?
Please try reporting it to the source first.
Source
https://advisories.mageia.org/MGASA-2021-0247.html
Import Source
https://advisories.mageia.org/MGASA-2021-0247.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2021-0247
Related
Published
2021-06-13T21:32:39Z
Modified
2021-06-13T20:16:11Z
Summary
Updated djvulibre packages fix security vulnerabilities
Details

Stack overflow in function DJVU::DjVuDocument::getdjvufile() via crafted djvu file. (CVE-2021-3500).

Out of bounds write in function DJVU::filter_bv() via crafted djvu file. (CVE-2021-32490).

Integer overflow in function render() in tools/ddjvu via crafted djvu file. (CVE-2021-32491)

Out of bounds read in function DJVU::DataPool::has_data() via crafted djvu file. (CVE-2021-32492).

Heap buffer overflow in function DJVU::GBitmap::decode() via crafted djvu file. (CVE-2021-32493).

References
Credits

Affected packages

Mageia:7 / djvulibre

Package

Name
djvulibre
Purl
pkg:rpm/mageia/djvulibre?distro=mageia-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.5.27-5.2.mga7

Ecosystem specific 

{
    "section": "core"
}

Mageia:8 / djvulibre

Package

Name
djvulibre
Purl
pkg:rpm/mageia/djvulibre?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.5.28-1.1.mga8

Ecosystem specific 

{
    "section": "core"
}