4 matches found
CVE-2019-15142
In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read by crafting a DJVU file...
Code injection
In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error resource exhaustion caused by a GBitmap::readrleraw infinite loop by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp...
CVE-2019-15142
CVE-2019-15142 affects DjVuLibre 3.5.27 in the DJVU reader component. The vulnerability arises in DjVmDir.cpp (and related GString handling) where the code reads a DJVU file into a GTArray and then uses a UTF-8 string path, leading to a heap-based out-of-bounds read and a denial-of-service crash ...
CVE-2019-15143
In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error resource exhaustion caused by a GBitmap::readrleraw infinite loop by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp...