A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds read in function DJVU::DataPool::has_data() via crafted djvu file may lead to application crash and other consequences.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | djvulibre | < 3.5.28-2 | djvulibre_3.5.28-2_all.deb |
Debian | 11 | all | djvulibre | < 3.5.28-2 | djvulibre_3.5.28-2_all.deb |
Debian | 10 | all | djvulibre | < 3.5.27.1-10+deb10u1 | djvulibre_3.5.27.1-10+deb10u1_all.deb |
Debian | 999 | all | djvulibre | < 3.5.28-2 | djvulibre_3.5.28-2_all.deb |
Debian | 13 | all | djvulibre | < 3.5.28-2 | djvulibre_3.5.28-2_all.deb |