[SECURITY] [DLA 1985-1] djvulibre security update

2019-11-0819:23:05

lists.debian.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.005 Low

EPSS

Percentile

77.1%

JSON

Package : djvulibre
Version : 3.5.25.4-4+deb8u2
CVE ID : CVE-2019-18804

It was discovered that there was a NULL pointer dereference issue
in the IW44 encoder/decoder within DjVu, a set of compression
technologies for high-resolution ssues.

For Debian 8 "Jessie", this issue has been fixed in djvulibre version
3.5.25.4-4+deb8u2.

We recommend that you upgrade your djvulibre packages.

Regards,

  ,&#x27;&#x27;`.
 : :&#x27;  :     Chris Lamb
 `. `&#x27;`      [email protected] / chris-lamb.co.uk
   `-

OSVersionArchitecturePackageVersionFilename
Debian10mipseldjvulibre-bin-dbgsym< 3.5.27.1-10+deb10u1djvulibre-bin-dbgsym_3.5.27.1-10+deb10u1_mipsel.deb
Debian10ppc64eldjvuserve-dbgsym< 3.5.27.1-10+deb10u1djvuserve-dbgsym_3.5.27.1-10+deb10u1_ppc64el.deb
Debian10alllibdjvulibre-text< 3.5.27.1-10+deb10u1libdjvulibre-text_3.5.27.1-10+deb10u1_all.deb
Debian10i386djvulibre-bin-dbgsym< 3.5.27.1-10+deb10u1djvulibre-bin-dbgsym_3.5.27.1-10+deb10u1_i386.deb
Debian8armhfdjview< 3.5.25.4-4+deb8u2djview_3.5.25.4-4+deb8u2_armhf.deb
Debian8armhfdjview3< 3.5.25.4-4+deb8u2djview3_3.5.25.4-4+deb8u2_armhf.deb
Debian9armhfdjvulibre-dbg< 3.5.27.1-7+deb9u1djvulibre-dbg_3.5.27.1-7+deb9u1_armhf.deb
Debian9i386djvulibre-dbg< 3.5.27.1-7+deb9u1djvulibre-dbg_3.5.27.1-7+deb9u1_i386.deb
Debian10i386libdjvulibre-dev< 3.5.27.1-10+deb10u1libdjvulibre-dev_3.5.27.1-10+deb10u1_i386.deb
Debian10mipseldjvuserve-dbgsym< 3.5.27.1-10+deb10u1djvuserve-dbgsym_3.5.27.1-10+deb10u1_mipsel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	mipsel	djvulibre-bin-dbgsym	< 3.5.27.1-10+deb10u1	djvulibre-bin-dbgsym_3.5.27.1-10+deb10u1_mipsel.deb
Debian	10	ppc64el	djvuserve-dbgsym	< 3.5.27.1-10+deb10u1	djvuserve-dbgsym_3.5.27.1-10+deb10u1_ppc64el.deb
Debian	10	all	libdjvulibre-text	< 3.5.27.1-10+deb10u1	libdjvulibre-text_3.5.27.1-10+deb10u1_all.deb
Debian	10	i386	djvulibre-bin-dbgsym	< 3.5.27.1-10+deb10u1	djvulibre-bin-dbgsym_3.5.27.1-10+deb10u1_i386.deb
Debian	8	armhf	djview	< 3.5.25.4-4+deb8u2	djview_3.5.25.4-4+deb8u2_armhf.deb
Debian	8	armhf	djview3	< 3.5.25.4-4+deb8u2	djview3_3.5.25.4-4+deb8u2_armhf.deb
Debian	9	armhf	djvulibre-dbg	< 3.5.27.1-7+deb9u1	djvulibre-dbg_3.5.27.1-7+deb9u1_armhf.deb
Debian	9	i386	djvulibre-dbg	< 3.5.27.1-7+deb9u1	djvulibre-dbg_3.5.27.1-7+deb9u1_i386.deb
Debian	10	i386	libdjvulibre-dev	< 3.5.27.1-10+deb10u1	libdjvulibre-dev_3.5.27.1-10+deb10u1_i386.deb
Debian	10	mipsel	djvuserve-dbgsym	< 3.5.27.1-10+deb10u1	djvuserve-dbgsym_3.5.27.1-10+deb10u1_mipsel.deb