ALASMATE-DESKTOP1.X-2023-002

Related Vulnerabilities: CVE-2021-32490, CVE-2021-32491, CVE-2021-32492, CVE-2021-32493, CVE-2021-3500



Amazon Linux 2 Security Advisory: ALASMATE-DESKTOP1.X-2023-002
Advisory Release Date: 2023-09-14 19:02 Pacific
Advisory Updated Date: 2023-09-25 22:09 Pacific
Severity: Important

Issue Overview:

A flaw was found in djvulibre-3.5.28 and earlier. An out-of-bounds write in function DJVU::filter_bv() via a crafted DjVu file may lead to an application crash and other consequences. (CVE-2021-32490)

A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow in function render() in tools/ddjvu via a crafted DjVu file may lead to an application crash and other consequences. (CVE-2021-32491)

A flaw was found in djvulibre-3.5.28 and earlier. An out-of-bounds read in function DJVU::DataPool::has_data() via a crafted DjVu file may lead to an application crash and other consequences. (CVE-2021-32492)

A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode() via a crafted DjVu file may lead to an application crash and other consequences. (CVE-2021-32493)

A flaw was found in djvulibre-3.5.28 and earlier. A stack overflow in function DJVU::DjVuDocument::get_djvu_file() via a crafted DjVu file may lead to an application crash and other consequences. (CVE-2021-3500)


Affected Packages:

djvulibre


Issue Correction:
Run yum update djvulibre to update your system.

New Packages:
aarch64:
    djvulibre-3.5.27-28.amzn2.0.1.aarch64
    djvulibre-libs-3.5.27-28.amzn2.0.1.aarch64
    djvulibre-devel-3.5.27-28.amzn2.0.1.aarch64
    djvulibre-debuginfo-3.5.27-28.amzn2.0.1.aarch64

src:
    djvulibre-3.5.27-28.amzn2.0.1.src

x86_64:
    djvulibre-3.5.27-28.amzn2.0.1.x86_64
    djvulibre-libs-3.5.27-28.amzn2.0.1.x86_64
    djvulibre-devel-3.5.27-28.amzn2.0.1.x86_64
    djvulibre-debuginfo-3.5.27-28.amzn2.0.1.x86_64
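
The fixed build listed above carries version 3.5.27, below the "3.5.28 and earlier" range in the issue text, so a host check has to compare the full version-release against 3.5.27-28.amzn2.0.1 rather than the upstream version alone. The following is an added example, not part of the advisory: it does that comparison over `rpm -qa` output, the function names are this example's own, and it assumes the installed and fixed packages share the same epoch.

```python
import re

# Fixed version-release, taken from the advisory's "New Packages" list.
FIXED_VERSION, FIXED_RELEASE = "3.5.27", "28.amzn2.0.1"

def rpmvercmp(a, b):
    """Compare two RPM version or release strings; returns -1, 0 or 1.

    Follows rpm's segment rules (digit runs vs. letter runs, separators
    ignored) but leaves out '~' and '^' handling, which these strings lack.
    """
    seg_a = re.findall(r"\d+|[A-Za-z]+", a)
    seg_b = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment is newer
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def split_nvra(nvra):
    """Split 'name-version-release.arch' as printed by `rpm -qa`."""
    rest, arch = nvra.rsplit(".", 1)
    name, version, release = rest.rsplit("-", 2)
    return name, version, release, arch

def is_fixed(nvra):
    """True if the package is at or above the advisory's fixed build."""
    _, version, release, _ = split_nvra(nvra)
    c = rpmvercmp(version, FIXED_VERSION)
    return c > 0 or (c == 0 and rpmvercmp(release, FIXED_RELEASE) >= 0)

def unpatched(rpm_output):
    """Return the djvulibre packages in `rpm -qa` output that still need updating."""
    pkgs = [l.strip() for l in rpm_output.splitlines() if l.startswith("djvulibre")]
    return [p for p in pkgs if not is_fixed(p)]

# Constructed sample of `rpm -qa 'djvulibre*'` output; the 3.5.27-11 build is made up.
SAMPLE = """\
djvulibre-3.5.27-28.amzn2.0.1.x86_64
djvulibre-libs-3.5.27-11.amzn2.x86_64
"""

if __name__ == "__main__":
    for pkg in unpatched(SAMPLE):
        print("needs 'yum update djvulibre':", pkg)
```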