Описание
An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. This flaw affects DjVuLibre versions prior to 3.5.28.
Ссылки
- Issue TrackingPatchThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Issue TrackingPatchThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.5.28 (исключая)
cpe:2.3:a:djvulibre_project:djvulibre:*:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Конфигурация 3
Одно из
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
EPSS
Процентиль: 56%
0.00333
Низкий
5.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-787
CWE-787
Связанные уязвимости
CVSS3: 5.5
ubuntu
больше 4 лет назад
An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. This flaw affects DjVuLibre versions prior to 3.5.28.
CVSS3: 5.5
debian
больше 4 лет назад
An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::D ...
EPSS
Процентиль: 56%
0.00333
Низкий
5.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-787
CWE-787