DebianDEBIAN:DLA-2667-1:79C88[SECURITY] [DLA 2667-1] djvulibre security update
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
31.1%
Debian LTS Advisory DLA-2667-1 [email protected]
https://www.debian.org/lts/security/ Sylvain Beucler
May 26, 2021 https://wiki.debian.org/LTS
Package : djvulibre
Version : 3.5.27.1-7+deb9u1
CVE ID : CVE-2019-15142 CVE-2019-15143 CVE-2019-15144 CVE-2019-15145
CVE-2019-18804 CVE-2021-3500 CVE-2021-32490 CVE-2021-32491
CVE-2021-32492 CVE-2021-32493
Debian Bug : 945114 988215
Several vulnerabilities were discovered in djvulibre, a library and
set of tools to handle documents in the DjVu format. An attacker could
crash document viewers and possibly execute arbitrary code through
crafted DjVu files.
For Debian 9 stretch, these problems have been fixed in version
3.5.27.1-7+deb9u1.
We recommend that you upgrade your djvulibre packages.
For the detailed security status of djvulibre please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/djvulibre
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 10 | ppc64el | djvulibre-bin-dbgsym | < 3.5.27.1-10+deb10u1 | djvulibre-bin-dbgsym_3.5.27.1-10+deb10u1_ppc64el.deb |
| Debian | 10 | armhf | libdjvulibre21 | < 3.5.27.1-10+deb10u1 | libdjvulibre21_3.5.27.1-10+deb10u1_armhf.deb |
| Debian | 9 | armel | djvuserve | < 3.5.27.1-7+deb9u1 | djvuserve_3.5.27.1-7+deb9u1_armel.deb |
| Debian | 9 | armhf | libdjvulibre-dev | < 3.5.27.1-7+deb9u1 | libdjvulibre-dev_3.5.27.1-7+deb9u1_armhf.deb |
| Debian | 8 | armhf | djvulibre-dbg | < 3.5.25.4-4+deb8u1 | djvulibre-dbg_3.5.25.4-4+deb8u1_armhf.deb |
| Debian | 8 | i386 | djvulibre-bin | < 3.5.25.4-4+deb8u1 | djvulibre-bin_3.5.25.4-4+deb8u1_i386.deb |
| Debian | 10 | arm64 | djvuserve-dbgsym | < 3.5.27.1-10+deb10u1 | djvuserve-dbgsym_3.5.27.1-10+deb10u1_arm64.deb |
| Debian | 10 | mips | djvulibre-bin-dbgsym | < 3.5.27.1-10+deb10u1 | djvulibre-bin-dbgsym_3.5.27.1-10+deb10u1_mips.deb |
| Debian | 10 | mips64el | djvulibre-bin-dbgsym | < 3.5.27.1-10+deb10u1 | djvulibre-bin-dbgsym_3.5.27.1-10+deb10u1_mips64el.deb |
| Debian | 10 | mips | djvuserve-dbgsym | < 3.5.27.1-10+deb10u1 | djvuserve-dbgsym_3.5.27.1-10+deb10u1_mips.deb |
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
31.1%