Description
Security update for djvulibre
This update for djvulibre fixes the following issues:
Security issues fixed:
- CVE-2019-15142: Fixed heap-based buffer over-read (bsc#1146702).
- CVE-2019-15143: Fixed resource exhaustion caused by corrupted image files (bsc#1146569).
- CVE-2019-15144: Fixed denial-of-service caused by crafted PBM image files (bsc#1146571).
- CVE-2019-15145: Fixed out-of-bounds read caused by corrupted JB2 image files (bsc#1146572).
- Fixed segfault when libtiff encounters corrupted TIFF (upstream issue #295).
Package list
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Software Development Kit 12 SP4
References
- Link for SUSE-SU-2019:2444-1
- E-Mail link for SUSE-SU-2019:2444-1
- SUSE Security Ratings
- SUSE Bug 1146569
- SUSE Bug 1146571
- SUSE Bug 1146572
- SUSE Bug 1146702
- SUSE CVE CVE-2019-15142 page
- SUSE CVE CVE-2019-15143 page
- SUSE CVE CVE-2019-15144 page
- SUSE CVE CVE-2019-15145 page
Description
In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a DJVU file.
Affected products
References
- CVE-2019-15142
- SUSE Bug 1146702
Description
In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp.
Affected products
References
- CVE-2019-15143
- SUSE Bug 1146569
Description
In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled in libdjvu/GContainer.h.
Affected products
References
- CVE-2019-15144
- SUSE Bug 1146571
Description
DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h.
Affected products
References
- CVE-2019-15145
- SUSE Bug 1146572