15 matches found
Astra Linux - уязвимость в djvulibre
In DjVuLibre 3.5.27, the sorting functionality also known as GArrayTemplate::sort allows attackers to cause a denial-of-service attack, resulting in an application crash due to uncontrolled recursion. This can occur when a PBM image file is mishandled in the libdjvu/GContainer.h header file...
SUSE CVE-2019-15144
In DjVuLibre 3.5.27, the sorting functionality aka GArrayTemplate::sort allows attackers to cause a denial-of-service application crash due to an Uncontrolled Recursion by crafting a PBM image file that is mishandled in libdjvu/GContainer.h...
CVE-2019-15143
In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error resource exhaustion caused by a GBitmap::readrleraw infinite loop by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp...
CVE-2019-15144
In DjVuLibre 3.5.27, the sorting functionality aka GArrayTemplate::sort allows attackers to cause a denial-of-service application crash due to an Uncontrolled Recursion by crafting a PBM image file that is mishandled in libdjvu/GContainer.h...
CVE-2019-15142
In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read by crafting a DJVU file...
Design/Logic Flaw
In DjVuLibre 3.5.27, the sorting functionality aka GArrayTemplate::sort allows attackers to cause a denial-of-service application crash due to an Uncontrolled Recursion by crafting a PBM image file that is mishandled in libdjvu/GContainer.h...
Code injection
In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error resource exhaustion caused by a GBitmap::readrleraw infinite loop by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp...
Heap overflow
In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read by crafting a DJVU file...
CVE-2019-15143
In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error resource exhaustion caused by a GBitmap::readrleraw infinite loop by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp...
CVE-2019-15143
In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error resource exhaustion caused by a GBitmap::readrleraw infinite loop by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp...
CVE-2019-15144
In DjVuLibre 3.5.27, the sorting functionality aka GArrayTemplate::sort allows attackers to cause a denial-of-service application crash due to an Uncontrolled Recursion by crafting a PBM image file that is mishandled in libdjvu/GContainer.h...
CVE-2019-15144
In DjVuLibre 3.5.27, the sorting functionality aka GArrayTemplate::sort allows attackers to cause a denial-of-service application crash due to an Uncontrolled Recursion by crafting a PBM image file that is mishandled in libdjvu/GContainer.h...
CVE-2019-15144
DjVuLibre 3.5.27 contains a denial-of-service flaw in GArrayTemplate::sort triggered by crafted PBM files (libdjvu/GContainer.h). This CVE is CVE-2019-15144. Connected advisories (Debian, Mageia, Gentoo, Fedora, Cloud Foundry, Astra Linux) confirm the issue and note fixes/updates to djvulibre pac...
CVE-2019-15145
DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack application crash via an out-of-bounds read by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::getdirectcontext in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h...
DjVuLibre Buffer Overflow Vulnerability (CNVD-2019-29361)
DjVuLibre is an open source implementation of DjVu computer file format that includes a DjVu file viewer, browser plug-in, DjVu file decoder/encoder and other utilities. A buffer overflow vulnerability exists in DjVuLibre version 3.5.27, which stems from a failure to perform zero-byte checking in...