CVE-2012-6535 — Code Injection in Djvulibre

CWE-94 — Code Injection8 documents7 sources

Severity

9.3CRITICALNVD

EPSS

5.4%

top 9.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Djvulibre Project Djvulibre Debian Djvulibre

Timeline

PublishedDec 2

Latest updateMay 17

Description

DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDroid, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DjVu (aka .djv) file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/djvulibre< djvulibre 3.5.25.3-1 (bookworm)

▶Debiandjvulibre_project/djvulibre< 3.5.25.3-1+3

▶NVDdjvulibre_project/djvulibre3.5.25+24

🔴Vulnerability Details

GHSA

GHSA-chrr-fcqm-pgv4: DjVuLibre before 3↗2022-05-17

▶

OSV

CVE-2012-6535: DjVuLibre before 3↗2013-12-02

▶

📋Vendor Advisories

Ubuntu

DjVuLibre vulnerability↗2013-12-16

▶

Red Hat

djvulibre: DoS or arbitrary code execution via specially crafted DjVu file↗2013-03-19

▶

Debian

CVE-2012-6535: djvulibre - DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDroid, and o...↗2012

▶

💬Community

Bugzilla

CVE-2012-6535 djvulibre: DoS or arbitrary code execution via specially crafted DjVu file [epel-6]↗2013-12-17

▶

Bugzilla

CVE-2012-6535 djvulibre: DoS or arbitrary code execution via specially crafted DjVu file↗2013-12-17

▶