History: Jun 03, 2024 - 8:20 a.m.

Advisory ROSA-SA-2024-2428

2024-06-03 08:20:14
ROSA LAB
abf.rosalinux.ru
Tags: security, advisory, djvulibre, vulnerabilities, fixed, update, unix, cve-2021-3500, cve-2021-46312, cve-2021-46310, rosa-sa-2024-2428, wasp-rosa-chrome, stack overflow, remote attack, denial of service

CVSS2: 6.8 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 7.5 High
Confidence: High

EPSS: 0.001 Low
Percentile: 29.8%

software: djvulibre 3.5.28
WASP: ROSA-CHROME

package_evr_string: djvulibre-3.5.28-4

CVE-ID: CVE-2021-3500
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: A flaw was discovered in djvulibre. A stack overflow in DJVU::DjVuDocument::get_djvu_file() via a crafted djvu file may lead to an application crash and other consequences.
CVE-STATUS: Fixed
CVE-REV: To remediate, run the command: sudo dnf update djvulibre

CVE-ID: CVE-2021-46312
BDU-ID: 2023-05878
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the IW44EncodeCodec.cpp component of DjVuLibre, a library for viewing, creating and editing DjVu files, is caused by a missing division-by-zero check. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.
CVE-STATUS: Fixed
CVE-REV: To remediate, run the command: sudo dnf update djvulibre

CVE-ID: CVE-2021-46310
BDU-ID: 2023-05879
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the IW44Image.cpp component of DjVuLibre, a library for viewing, creating and editing DjVu files, is caused by a missing division-by-zero check. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.
CVE-STATUS: Fixed
CVE-REV: To remediate, run the command: sudo dnf update djvulibre

OS    Version  Architecture  Package    Version   Filename
ROSA  any      noarch        djvulibre  < 3.5.28  UNKNOWN
