Package "djview"

Name: djview


Transition package, djview3 to djview4

Latest version:
Release: xenial (16.04)
Level: updates
Repository: universe
Head package: djvulibre
Homepage: http://djvu.sourceforge.net/


Download "djview"

Other versions of "djview" in Xenial

Repository Area Version
base universe
security universe


Version: 2019-11-21 21:07:14 UTC

  djvulibre ( xenial-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer overread
    - debian/patches/CVE-2019-15142-pre1.patch: fix lengths in
      libdjvu/DjVmDir.cpp, libdjvu/miniexp.cpp, tools/csepdjvu.cpp.
    - debian/patches/CVE-2019-15142.patch: add checks to
    - CVE-2019-15142
  * SECURITY UPDATE: infinite loop in bitmap reader
    - debian/patches/CVE-2019-15143.patch: check return code in
      libdjvu/GBitmap.cpp, libdjvu/DjVmDir.cpp.
    - CVE-2019-15143
  * SECURITY UPDATE: uncontrolled recursion in sorting
    - debian/patches/CVE-2019-15144.patch: fix logic in
    - CVE-2019-15144
  * SECURITY UPDATE: out of bounds read
    - debian/patches/CVE-2019-15145.patch: check bytes in
    - CVE-2019-15145
  * SECURITY UPDATE: NULL pointer dereference in DJVU::filter_fv
    - debian/patches/CVE-2019-18804.patch: add extra checks to
      libdjvu/IW44EncodeCodec.cpp, tools/ddjvu.cpp.
    - CVE-2019-18804

 -- Marc Deslauriers <email address hidden> Wed, 20 Nov 2019 10:29:06 -0500

CVE-2019-15142 In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup
CVE-2019-15143 In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_r
CVE-2019-15144 In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due
CVE-2019-15145 DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image
CVE-2019-18804 DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp.

About   -   Send Feedback to @ubuntu_updates