Djvulibreproject Djvulibre
By the Year
In 2024 there have been 0 vulnerabilities in Djvulibreproject Djvulibre . Last year Djvulibre had 2 security vulnerabilities published. Right now, Djvulibre is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 2 | 6.50 |
| 2022 | 0 | 0.00 |
| 2021 | 6 | 7.42 |
| 2020 | 0 | 0.00 |
| 2019 | 5 | 5.90 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Djvulibre vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Djvulibreproject Djvulibre Security Vulnerabilities
An issue was discovered IW44EncodeCodec.cpp in djvulibre 3.5.28 in
CVE-2021-46312
6.5 - Medium
- August 22, 2023
An issue was discovered IW44EncodeCodec.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero.
Divide By Zero
An issue was discovered IW44Image.cpp in djvulibre 3.5.28 in
CVE-2021-46310
6.5 - Medium
- August 22, 2023
An issue was discovered IW44Image.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero.
Divide By Zero
An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp
CVE-2021-3630
5.5 - Medium
- June 30, 2021
An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. This flaw affects DjVuLibre versions prior to 3.5.28.
Memory Corruption
A flaw was found in djvulibre-3.5.28 and earlier
CVE-2021-3500
7.8 - High
- June 24, 2021
A flaw was found in djvulibre-3.5.28 and earlier. A Stack overflow in function DJVU::DjVuDocument::get_djvu_file() via crafted djvu file may lead to application crash and other consequences.
Memory Corruption
A flaw was found in djvulibre-3.5.28 and earlier
CVE-2021-32493
7.8 - High
- June 24, 2021
A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode() via crafted djvu file may lead to application crash and other consequences.
Memory Corruption
A flaw was found in djvulibre-3.5.28 and earlier
CVE-2021-32492
7.8 - High
- June 24, 2021
A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds read in function DJVU::DataPool::has_data() via crafted djvu file may lead to application crash and other consequences.
Out-of-bounds Read
A flaw was found in djvulibre-3.5.28 and earlier
CVE-2021-32491
7.8 - High
- June 24, 2021
A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow in function render() in tools/ddjvu via crafted djvu file may lead to application crash and other consequences.
Integer Overflow or Wraparound
A flaw was found in djvulibre-3.5.28 and earlier
CVE-2021-32490
7.8 - High
- June 24, 2021
A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds write in function DJVU::filter_bv() via crafted djvu file may lead to application crash and other consequences.
Memory Corruption
DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp.
CVE-2019-18804
7.5 - High
- November 07, 2019
DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp.
NULL Pointer Dereference
In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component
CVE-2019-15142
5.5 - Medium
- August 18, 2019
In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a DJVU file.
Out-of-bounds Read
In DjVuLibre 3.5.27, the bitmap reader component
CVE-2019-15143
5.5 - Medium
- August 18, 2019
In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp.
Infinite Loop
In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file
CVE-2019-15144
5.5 - Medium
- August 18, 2019
In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled in libdjvu/GContainer.h.
Stack Exhaustion
DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file
CVE-2019-15145
5.5 - Medium
- August 18, 2019
DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h.
Out-of-bounds Read
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for OpenSuse Leap or by Djvulibreproject? Click the Watch button to subscribe.
