[debian-lts-announce] 20190829 [SECURITY] [DLA 1902-1] djvulibre security update

https://sourceforge.net/p/djvu/bugs/299/

https://sourceforge.net/p/djvu/djvulibre-git/ci/e15d51510048927f172f1bf1f27ede65907d940d/

Hongxu Chen found several issues in djvulibre, a library and set of tools to handle images in the DjVu format.

The issues are a heap-buffer-overflow, a stack-overflow, an infinite loop and an invalid read when working with crafted files as input.

For Debian 8 'Jessie', these problems have been fixed in version 3.5.25.4-4+deb8u1.

We recommend that you upgrade your djvulibre packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

CVE-2019-15144

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins