CVE-2019-15142Out-of-bounds Read in Djvulibre

CWE-125Out-of-bounds Read10 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.9%
top 24.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Djvulibre Project DjvulibreDebian DjvulibreCanonical Ubuntu Linux+3 more
Timeline
PublishedAug 18
Latest updateMay 24

Description

In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a DJVU file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

debiandebian/djvulibre< djvulibre 3.5.27.1-11 (bookworm)
Debiandjvulibre_project/djvulibre< 3.5.27.1-11+3
NVDopensuse/leap15.0, 15.1+1

Also affects: Debian Linux 10.0, 11.0, 8.0, 9.0, Fedora 29, 30, 31, Ubuntu Linux 16.04, 18.04, 19.04, 19.10

Patches

Patch: sourceforge.netPatch: sourceforge.net

🔴Vulnerability Details

2
GHSA
GHSA-4fv6-38m4-qgqj: In DjVuLibre 32022-05-24
OSV
CVE-2019-15142: In DjVuLibre 32019-08-18

📋Vendor Advisories

2
Ubuntu
DjVuLibre vulnerabilities2019-11-21
Debian
CVE-2019-15142: djvulibre - In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers t...2019

💬Community

5
Bugzilla
CVE-2019-15142 djvulibre: heap-based buffer overflow in GStringRep::strdup in libdjvu/GString.cpp2019-11-01
Bugzilla
CVE-2019-15142 djvulibre: heap-based buffer overflow in GStringRep::strdup in libdjvu/GString.cpp [epel-6]2019-11-01
Bugzilla
CVE-2019-15142 djvulibre: heap-based buffer overflow in GStringRep::strdup in libdjvu/GString.cpp [epel-7]2019-11-01
Bugzilla
CVE-2019-15142 djvulibre: heap-based buffer overflow in GStringRep::strdup in libdjvu/GString.cpp [fedora-all]2019-11-01
Bugzilla
CVE-2019-15142 mingw-djvulibre: djvulibre: heap-based buffer overflow in GStringRep::strdup in libdjvu/GString.cpp [fedora-all]2019-11-01
CVE-2019-15142 — Out-of-bounds Read in Debian Djvulibre | cvebase