UbuntuUpdates.org

Package "djvulibre-bin"

Name: djvulibre-bin

Description:

Utilities for the DjVu image format

Latest version: 3.5.27.1-5ubuntu0.1
Release: xenial (16.04)
Level: security
Repository: universe
Head package: djvulibre
Homepage: http://djvu.sourceforge.net/

Links


Download "djvulibre-bin"


Other versions of "djvulibre-bin" in Xenial

Repository Area Version
base universe 3.5.27.1-5
updates universe 3.5.27.1-5ubuntu0.1

Changelog

Version: 3.5.27.1-5ubuntu0.1 2019-11-21 21:07:13 UTC

  djvulibre (3.5.27.1-5ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer overread
    - debian/patches/CVE-2019-15142-pre1.patch: fix lengths in
      libdjvu/DjVmDir.cpp, libdjvu/miniexp.cpp, tools/csepdjvu.cpp.
    - debian/patches/CVE-2019-15142.patch: add checks to
      libdjvu/DjVmDir.cpp.
    - CVE-2019-15142
  * SECURITY UPDATE: infinite loop in bitmap reader
    - debian/patches/CVE-2019-15143.patch: check return code in
      libdjvu/GBitmap.cpp, libdjvu/DjVmDir.cpp.
    - CVE-2019-15143
  * SECURITY UPDATE: uncontrolled recursion in sorting
    - debian/patches/CVE-2019-15144.patch: fix logic in
      libdjvu/GContainer.h.
    - CVE-2019-15144
  * SECURITY UPDATE: out of bounds read
    - debian/patches/CVE-2019-15145.patch: check bytes in
      libdjvu/GBitmap.h.
    - CVE-2019-15145
  * SECURITY UPDATE: NULL pointer dereference in DJVU::filter_fv
    - debian/patches/CVE-2019-18804.patch: add extra checks to
      libdjvu/IW44EncodeCodec.cpp, tools/ddjvu.cpp.
    - CVE-2019-18804

 -- Marc Deslauriers <email address hidden> Wed, 20 Nov 2019 10:29:06 -0500

CVE-2019-15142 In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup
CVE-2019-15143 In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_r
CVE-2019-15144 In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due
CVE-2019-15145 DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image
CVE-2019-18804 DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp.



About   -   Send Feedback to @ubuntu_updates