5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
43.3%
Package : djvulibre
Version : 3.5.25.4-4+deb8u1
CVE ID : CVE-2019-15142 CVE-2019-15143 CVE-2019-15144
CVE-2019-15145
Hongxu Chen found several issues in djvulibre, a library and set of tools
to handle images in the DjVu format.
The issues are a heap-buffer-overflow, a stack-overflow, an infinite loop
and an invalid read when working with crafted files as input.
For Debian 8 "Jessie", these problems have been fixed in version
3.5.25.4-4+deb8u1.
We recommend that you upgrade your djvulibre packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 10 | ppc64el | djvulibre-bin-dbgsym | < 3.5.27.1-10+deb10u1 | djvulibre-bin-dbgsym_3.5.27.1-10+deb10u1_ppc64el.deb |
Debian | 10 | armhf | libdjvulibre21 | < 3.5.27.1-10+deb10u1 | libdjvulibre21_3.5.27.1-10+deb10u1_armhf.deb |
Debian | 9 | armel | djvuserve | < 3.5.27.1-7+deb9u1 | djvuserve_3.5.27.1-7+deb9u1_armel.deb |
Debian | 9 | armhf | libdjvulibre-dev | < 3.5.27.1-7+deb9u1 | libdjvulibre-dev_3.5.27.1-7+deb9u1_armhf.deb |
Debian | 8 | armhf | djvulibre-dbg | < 3.5.25.4-4+deb8u1 | djvulibre-dbg_3.5.25.4-4+deb8u1_armhf.deb |
Debian | 8 | i386 | djvulibre-bin | < 3.5.25.4-4+deb8u1 | djvulibre-bin_3.5.25.4-4+deb8u1_i386.deb |
Debian | 10 | arm64 | djvuserve-dbgsym | < 3.5.27.1-10+deb10u1 | djvuserve-dbgsym_3.5.27.1-10+deb10u1_arm64.deb |
Debian | 10 | mips | djvulibre-bin-dbgsym | < 3.5.27.1-10+deb10u1 | djvulibre-bin-dbgsym_3.5.27.1-10+deb10u1_mips.deb |
Debian | 10 | mips64el | djvulibre-bin-dbgsym | < 3.5.27.1-10+deb10u1 | djvulibre-bin-dbgsym_3.5.27.1-10+deb10u1_mips64el.deb |
Debian | 10 | mips | djvuserve-dbgsym | < 3.5.27.1-10+deb10u1 | djvuserve-dbgsym_3.5.27.1-10+deb10u1_mips.deb |
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
43.3%