CVE-2021-3630Out-of-bounds Write in Project Djvulibre

CWE-787Out-of-bounds WriteCWE-99Resource Injection6 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.3%
top 43.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Djvulibre Project DjvulibreDebian DjvulibreDebian Linux+1 more
Timeline
PublishedJun 30
Latest updateMar 1

Description

An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. This flaw affects DjVuLibre versions prior to 3.5.28.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

debiandebian/djvulibre< djvulibre 3.5.27.1-12 (bookworm)
Debiandjvulibre_project/djvulibre< 3.5.27.1-12+3
CVEListV5djvulibre_project/djvulibreDjVuLibre 3.5.28

Also affects: Debian Linux 10.0, 11.0, 9.0, Fedora 33, 34

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

2
GHSA
GHSA-mpc3-cw77-gc2f: An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText2022-05-24
OSV
CVE-2021-3630: An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText2021-06-30

📋Vendor Advisories

3
Red Hat
kernel: platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios2024-03-01
Ubuntu
DjVuLibre vulnerability2021-07-05
Debian
CVE-2021-3630: djvulibre - An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::de...2021
CVE-2021-3630 — Out-of-bounds Write | cvebase