Debian DSA-5032-1 : djvulibre - security update

high Nessus Plugin ID 156331

Language:

Synopsis

The remote Debian host is missing one or more security-related updates.

Description

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5032 advisory.

 - In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of- service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a DJVU file. (CVE-2019-15142)

 - In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp. (CVE-2019-15143)

 - In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled in libdjvu/GContainer.h. (CVE-2019-15144)

 - DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of- bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h. (CVE-2019-15145)

 - DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp.
 (CVE-2019-18804)

 - A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds write in function DJVU::filter_bv() via crafted djvu file may lead to application crash and other consequences. (CVE-2021-32490)

 - A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow in function render() in tools/ddjvu via crafted djvu file may lead to application crash and other consequences. (CVE-2021-32491)

 - A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds read in function DJVU::DataPool::has_data() via crafted djvu file may lead to application crash and other consequences.
 (CVE-2021-32492)

 - A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode() via crafted djvu file may lead to application crash and other consequences.
 (CVE-2021-32493)

 - A flaw was found in djvulibre-3.5.28 and earlier. A Stack overflow in function DJVU::DjVuDocument::get_djvu_file() via crafted djvu file may lead to application crash and other consequences. (CVE-2021-3500)

 - An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. This flaw affects DjVuLibre versions prior to 3.5.28. (CVE-2021-3630)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade the djvulibre packages.

For the stable distribution (bullseye), these problems have been fixed in version 3.5.28-2.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945114

https://security-tracker.debian.org/tracker/source-package/djvulibre

https://www.debian.org/security/2021/dsa-5032

https://security-tracker.debian.org/tracker/CVE-2019-15142

https://security-tracker.debian.org/tracker/CVE-2019-15143

https://security-tracker.debian.org/tracker/CVE-2019-15144

https://security-tracker.debian.org/tracker/CVE-2019-15145

https://security-tracker.debian.org/tracker/CVE-2019-18804

https://security-tracker.debian.org/tracker/CVE-2021-32490

https://security-tracker.debian.org/tracker/CVE-2021-32491

https://security-tracker.debian.org/tracker/CVE-2021-32492

https://security-tracker.debian.org/tracker/CVE-2021-32493

https://security-tracker.debian.org/tracker/CVE-2021-3500

https://security-tracker.debian.org/tracker/CVE-2021-3630

https://packages.debian.org/source/buster/djvulibre

https://packages.debian.org/source/bullseye/djvulibre

Plugin Details

Severity: High

ID: 156331

File Name: debian_DSA-5032.nasl

Version: 1.2

Type: local

Agent: unix

Published: 12/28/2021

Updated: 12/28/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2021-3500

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:djview, p-cpe:/a:debian:debian_linux:djview3, p-cpe:/a:debian:debian_linux:djvulibre-bin, p-cpe:/a:debian:debian_linux:djvulibre-desktop, p-cpe:/a:debian:debian_linux:djvuserve, p-cpe:/a:debian:debian_linux:libdjvulibre-dev, p-cpe:/a:debian:debian_linux:libdjvulibre-text, p-cpe:/a:debian:debian_linux:libdjvulibre21, cpe:/o:debian:debian_linux:10.0, cpe:/o:debian:debian_linux:11.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 12/28/2021

Vulnerability Publication Date: 8/18/2019

Reference Information

CVE: CVE-2019-15142, CVE-2019-15143, CVE-2019-15144, CVE-2019-15145, CVE-2019-18804, CVE-2021-3500, CVE-2021-3630, CVE-2021-32490, CVE-2021-32491, CVE-2021-32492, CVE-2021-32493