Description
Security update for djvulibre
This update for djvulibre fixes the following issues:
Security issues fixed:
- CVE-2021-32491 [bsc#1185900]: Integer overflow in function render() in tools/ddjvu via crafted djvu file
- CVE-2021-32492 [bsc#1185904]: Out of bounds read in function DJVU::DataPool::has_data() via crafted djvu file
- CVE-2021-32493 [bsc#1185905]: Heap buffer overflow in function DJVU::GBitmap::decode() via crafted djvu file
Package list
HPE Helion OpenStack 8
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP4-LTSS
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Software Development Kit 12 SP5
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
References
- Link for SUSE-SU-2021:1645-1
- E-Mail link for SUSE-SU-2021:1645-1
- SUSE Security Ratings
- SUSE Bug 1185900
- SUSE Bug 1185904
- SUSE Bug 1185905
- SUSE CVE CVE-2019-18804 page
- SUSE CVE CVE-2021-32491 page
- SUSE CVE CVE-2021-32492 page
- SUSE CVE CVE-2021-32493 page
Description
DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp.
Affected products
References
- CVE-2019-18804
- SUSE Bug 1156188
Description
A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow in function render() in tools/ddjvu via crafted djvu file may lead to application crash and other consequences.
Affected products
References
- CVE-2021-32491
- SUSE Bug 1185900
Description
A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds read in function DJVU::DataPool::has_data() via crafted djvu file may lead to application crash and other consequences.
Affected products
References
- CVE-2021-32492
- SUSE Bug 1185904
Description
A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode() via crafted djvu file may lead to application crash and other consequences.
Affected products
References
- CVE-2021-32493
- SUSE Bug 1185905