Package "djvulibre-desktop"
| Name: |
djvulibre-desktop
|
Description: |
Desktop support for the DjVu image format
|
| Latest version: |
3.5.27.1-8ubuntu0.4 |
| Release: |
bionic (18.04) |
| Level: |
security |
| Repository: |
universe |
| Head package: |
djvulibre |
| Homepage: |
http://djvu.sourceforge.net/ |
Links
Download "djvulibre-desktop"
Other versions of "djvulibre-desktop" in Bionic
Changelog
|
djvulibre (3.5.27.1-8ubuntu0.4) bionic-security; urgency=medium
* SECURITY UPDATE: Out-of-bounds write
- debian/patches/CVE-2021-3630.patch: checks correct buffer size
to use in libdjvu/GString.cpp.
- CVE-2021-3630
-- Leonidas Da Silva Barbosa <email address hidden> Thu, 01 Jul 2021 10:14:09 -0300
|
| Source diff to previous version |
| CVE-2021-3630 |
An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to cras |
|
|
djvulibre (3.5.27.1-8ubuntu0.3) bionic-security; urgency=medium
* SECURITY UPDATE: Stack overflow
- debian/patches/CVE-2021-3500.patch: prevent recursion in
libdjvu/DjVuPort.cpp, libdjvu/DjVuPort.h.
- CVE-2021-3500
* SECURITY UPDATE: Out of bounds write
- debian/patches/CVE-2021-32490.patch: add checks to
libdjvu/IW44Image.cpp.
- CVE-2021-32490
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2021-32491.patch: check for overflow in
tools/ddjvu.cpp.
- CVE-2021-32491
* SECURITY UPDATE: Out of bounds read
- debian/patches/CVE-2021-32492.patch: check pool in
libdjvu/DataPool.cpp.
- CVE-2021-32492
* SECURITY UPDATE: Heap buffer overflow
- debian/patches/CVE-2021-32493.patch: check row size in
libdjvu/GBitmap.cpp.
- CVE-2021-32493
* debian/patches: rename debian-changes to changes.patch to simplify
maintenance.
-- Marc Deslauriers <email address hidden> Mon, 17 May 2021 09:19:55 -0400
|
| Source diff to previous version |
|
djvulibre (3.5.27.1-8ubuntu0.1) bionic-security; urgency=medium
* SECURITY UPDATE: heap-based buffer overread
- debian/patches/CVE-2019-15142-pre1.patch: fix lengths in
libdjvu/DjVmDir.cpp, libdjvu/miniexp.cpp, tools/csepdjvu.cpp.
- debian/patches/CVE-2019-15142.patch: add checks to
libdjvu/DjVmDir.cpp.
- CVE-2019-15142
* SECURITY UPDATE: infinite loop in bitmap reader
- debian/patches/CVE-2019-15143.patch: check return code in
libdjvu/GBitmap.cpp, libdjvu/DjVmDir.cpp.
- CVE-2019-15143
* SECURITY UPDATE: uncontrolled recursion in sorting
- debian/patches/CVE-2019-15144.patch: fix logic in
libdjvu/GContainer.h.
- CVE-2019-15144
* SECURITY UPDATE: out of bounds read
- debian/patches/CVE-2019-15145.patch: check bytes in
libdjvu/GBitmap.h.
- CVE-2019-15145
* SECURITY UPDATE: NULL pointer dereference in DJVU::filter_fv
- debian/patches/CVE-2019-18804.patch: add extra checks to
libdjvu/IW44EncodeCodec.cpp, tools/ddjvu.cpp.
- CVE-2019-18804
-- Marc Deslauriers <email address hidden> Wed, 20 Nov 2019 10:26:08 -0500
|
| CVE-2019-15142 |
In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup |
| CVE-2019-15143 |
In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_r |
| CVE-2019-15144 |
In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due |
| CVE-2019-15145 |
DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image |
| CVE-2019-18804 |
DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp. |
|
About
-
Send Feedback to @ubuntu_updates
