Описание
DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 3.5.27.1-8ubuntu0.1 |
| devel | not-affected | 3.5.27.1-11 |
| disco | released | 3.5.27.1-10ubuntu0.1 |
| eoan | not-affected | 3.5.27.1-11 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | released | 3.5.27.1-8ubuntu0.1 |
| esm-infra/xenial | released | 3.5.27.1-5ubuntu0.1 |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | DNE |
Показывать по
EPSS
4.3 Medium
CVSS2
5.5 Medium
CVSS3
Связанные уязвимости
DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h.
DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack ...
DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h.
Уязвимость библиотеки для просмотра, создания, редактирования DjVu-файлов DjVuLibre, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
4.3 Medium
CVSS2
5.5 Medium
CVSS3