Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Djvulibre
(Djvulibre_project)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 14 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-08-18 | CVE-2019-15144 | In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled in libdjvu/GContainer.h. | Ubuntu_linux, Debian_linux, Djvulibre, Fedora, Leap | 5.5 | ||
2019-08-18 | CVE-2019-15145 | DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h. | Ubuntu_linux, Debian_linux, Djvulibre, Fedora, Leap | 5.5 | ||
2019-11-07 | CVE-2019-18804 | DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp. | Ubuntu_linux, Debian_linux, Djvulibre, Fedora, Leap | 7.5 | ||
2013-12-02 | CVE-2012-6535 | DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDroid, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DjVu (aka .djv) file. | Djvulibre | N/A |