Arch Linux alert ASA-202105-18 (djvulibre)
| From: | Jonas Witschel via arch-security <arch-security@lists.archlinux.org> | |
| To: | arch-security@lists.archlinux.org | |
| Subject: | [ASA-202105-18] djvulibre: arbitrary code execution | |
| Date: | Wed, 26 May 2021 12:32:33 +0200 | |
| Message-ID: | <20210526103233.vdpz5nsbjvg73kog@archlinux.org> | |
| Cc: | Jonas Witschel <diabonas@archlinux.org> |
Arch Linux Security Advisory ASA-202105-18 ========================================== Severity: Medium Date : 2021-05-25 CVE-ID : CVE-2021-3500 CVE-2021-32490 CVE-2021-32491 CVE-2021-32492 CVE-2021-32493 Package : djvulibre Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-1899 Summary ======= The package djvulibre before version 3.5.28-3 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 3.5.28-3. # pacman -Syu "djvulibre>=3.5.28-3" The problems have been fixed upstream but no release is available yet. Workaround ========== None. Description =========== - CVE-2021-3500 (arbitrary code execution) A security issue was found in djvulibre. A stack overflow in the function DJVU::DjVuDocument::get_djvu_file() may lead to an application crash and other consequences via a crafted djvu file. - CVE-2021-32490 (arbitrary code execution) A security issue was found in djvulibre. An out of bounds write in the function DJVU::filter_bv() may lead to an application crash and other consequences via a crafted djvu file. - CVE-2021-32491 (arbitrary code execution) A security issue was found in djvulibre. An integer overflow in the function render() in tools/ddjvu may lead to an application crash and other consequences via a crafted djvu file. - CVE-2021-32492 (arbitrary code execution) A security issue was found in djvulibre. An out of bounds read in the function DJVU::DataPool::has_data() may lead to an application crash and other consequences via a crafted djvu file. - CVE-2021-32493 (arbitrary code execution) A security issue was found in djvulibre. A heap buffer overflow in the function DJVU::GBitmap::decode() may lead to an application crash and other consequences via a crafted djvu file. Impact ====== An attacker could cause a crash, or possible execute arbitrary code, using a crafted djvu file. References ========== https://bugs.archlinux.org/task/70787 https://bugzilla.redhat.com/show_bug.cgi?id=1943685 https://bugzilla.redhat.com/show_bug.cgi?id=1943411 https://src.fedoraproject.org/rpms/djvulibre/blob/rawhide... https://bugzilla.redhat.com/show_bug.cgi?id=1943693 https://bugzilla.redhat.com/show_bug.cgi?id=1943408 https://bugzilla.redhat.com/attachment.cgi?id=1770184&... https://src.fedoraproject.org/rpms/djvulibre/blob/rawhide... https://bugzilla.redhat.com/show_bug.cgi?id=1943684 https://bugzilla.redhat.com/show_bug.cgi?id=1943409 https://bugzilla.redhat.com/attachment.cgi?id=1770218&... https://src.fedoraproject.org/rpms/djvulibre/blob/4b8d9b4... https://bugzilla.redhat.com/show_bug.cgi?id=1943686 https://bugzilla.redhat.com/show_bug.cgi?id=1943410 https://bugzilla.redhat.com/attachment.cgi?id=1770220&... https://src.fedoraproject.org/rpms/djvulibre/blob/rawhide... https://bugzilla.redhat.com/show_bug.cgi?id=1943690 https://bugzilla.redhat.com/show_bug.cgi?id=1943424 https://bugzilla.redhat.com/attachment.cgi?id=1774554&... https://src.fedoraproject.org/rpms/djvulibre/blob/rawhide... https://security.archlinux.org/CVE-2021-3500 https://security.archlinux.org/CVE-2021-32490 https://security.archlinux.org/CVE-2021-32491 https://security.archlinux.org/CVE-2021-32492 https://security.archlinux.org/CVE-2021-32493