UbuntuUpdates.org

Package "djvulibre"

Name: djvulibre

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Development files for the DjVu image format
  • Linguistic support files for libdjvulibre
  • Runtime support for the DjVu image format

Latest version: 3.5.27.1-10ubuntu0.1
Release: disco (19.04)
Level: security
Repository: main

Links

Save this URL for the latest version of "djvulibre": https://www.ubuntuupdates.org/djvulibre



Other versions of "djvulibre" in Disco

Repository Area Version
base universe 3.5.27.1-10
base main 3.5.27.1-10
security universe 3.5.27.1-10ubuntu0.1
updates universe 3.5.27.1-10ubuntu0.1
updates main 3.5.27.1-10ubuntu0.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.5.27.1-10ubuntu0.1 2019-11-21 21:07:24 UTC

  djvulibre (3.5.27.1-10ubuntu0.1) disco-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer overread
    - debian/patches/CVE-2019-15142.patch: add checks to
      libdjvu/DjVmDir.cpp.
    - CVE-2019-15142
  * SECURITY UPDATE: infinite loop in bitmap reader
    - debian/patches/CVE-2019-15143.patch: check return code in
      libdjvu/GBitmap.cpp, libdjvu/DjVmDir.cpp.
    - CVE-2019-15143
  * SECURITY UPDATE: uncontrolled recursion in sorting
    - debian/patches/CVE-2019-15144.patch: fix logic in
      libdjvu/GContainer.h.
    - CVE-2019-15144
  * SECURITY UPDATE: out of bounds read
    - debian/patches/CVE-2019-15145.patch: check bytes in
      libdjvu/GBitmap.h.
    - CVE-2019-15145
  * SECURITY UPDATE: NULL pointer dereference in DJVU::filter_fv
    - debian/patches/CVE-2019-18804.patch: add extra checks to
      libdjvu/IW44EncodeCodec.cpp, tools/ddjvu.cpp.
    - CVE-2019-18804

 -- Marc Deslauriers <email address hidden> Wed, 20 Nov 2019 10:07:27 -0500

CVE-2019-15142 In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup
CVE-2019-15143 In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_r
CVE-2019-15144 In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due
CVE-2019-15145 DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image
CVE-2019-18804 DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp.



About   -   Send Feedback to @ubuntu_updates