UbuntuUpdates.org

Package "djvulibre"

Name: djvulibre

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Development files for the DjVu image format
  • Linguistic support files for libdjvulibre
  • Runtime support for the DjVu image format

Latest version: 3.5.27.1-8ubuntu0.4
Release: bionic (18.04)
Level: security
Repository: main

Links



Other versions of "djvulibre" in Bionic

Repository Area Version
base universe 3.5.27.1-8
base main 3.5.27.1-8
security universe 3.5.27.1-8ubuntu0.4
updates main 3.5.27.1-8ubuntu0.4
updates universe 3.5.27.1-8ubuntu0.4

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.5.27.1-8ubuntu0.4 2021-07-05 15:06:20 UTC

  djvulibre (3.5.27.1-8ubuntu0.4) bionic-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds write
    - debian/patches/CVE-2021-3630.patch: checks correct buffer size
      to use in libdjvu/GString.cpp.
    - CVE-2021-3630

 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 01 Jul 2021 10:14:09 -0300

Source diff to previous version
CVE-2021-3630 An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to cras

Version: 3.5.27.1-8ubuntu0.3 2021-05-17 18:06:20 UTC

  djvulibre (3.5.27.1-8ubuntu0.3) bionic-security; urgency=medium

  * SECURITY UPDATE: Stack overflow
    - debian/patches/CVE-2021-3500.patch: prevent recursion in
      libdjvu/DjVuPort.cpp, libdjvu/DjVuPort.h.
    - CVE-2021-3500
  * SECURITY UPDATE: Out of bounds write
    - debian/patches/CVE-2021-32490.patch: add checks to
      libdjvu/IW44Image.cpp.
    - CVE-2021-32490
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2021-32491.patch: check for overflow in
      tools/ddjvu.cpp.
    - CVE-2021-32491
  * SECURITY UPDATE: Out of bounds read
    - debian/patches/CVE-2021-32492.patch: check pool in
      libdjvu/DataPool.cpp.
    - CVE-2021-32492
  * SECURITY UPDATE: Heap buffer overflow
    - debian/patches/CVE-2021-32493.patch: check row size in
      libdjvu/GBitmap.cpp.
    - CVE-2021-32493
  * debian/patches: rename debian-changes to changes.patch to simplify
    maintenance.

 -- Marc Deslauriers <email address hidden> Mon, 17 May 2021 09:19:55 -0400

Source diff to previous version

Version: 3.5.27.1-8ubuntu0.1 2019-11-21 21:07:17 UTC

  djvulibre (3.5.27.1-8ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer overread
    - debian/patches/CVE-2019-15142-pre1.patch: fix lengths in
      libdjvu/DjVmDir.cpp, libdjvu/miniexp.cpp, tools/csepdjvu.cpp.
    - debian/patches/CVE-2019-15142.patch: add checks to
      libdjvu/DjVmDir.cpp.
    - CVE-2019-15142
  * SECURITY UPDATE: infinite loop in bitmap reader
    - debian/patches/CVE-2019-15143.patch: check return code in
      libdjvu/GBitmap.cpp, libdjvu/DjVmDir.cpp.
    - CVE-2019-15143
  * SECURITY UPDATE: uncontrolled recursion in sorting
    - debian/patches/CVE-2019-15144.patch: fix logic in
      libdjvu/GContainer.h.
    - CVE-2019-15144
  * SECURITY UPDATE: out of bounds read
    - debian/patches/CVE-2019-15145.patch: check bytes in
      libdjvu/GBitmap.h.
    - CVE-2019-15145
  * SECURITY UPDATE: NULL pointer dereference in DJVU::filter_fv
    - debian/patches/CVE-2019-18804.patch: add extra checks to
      libdjvu/IW44EncodeCodec.cpp, tools/ddjvu.cpp.
    - CVE-2019-18804

 -- Marc Deslauriers <email address hidden> Wed, 20 Nov 2019 10:26:08 -0500

CVE-2019-15142 In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup
CVE-2019-15143 In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_r
CVE-2019-15144 In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due
CVE-2019-15145 DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image
CVE-2019-18804 DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp.



About   -   Send Feedback to @ubuntu_updates