Hongxu Chen

**Name of the Vulnerable Software and Affected Versions** DjVuLibre version 3.5.27 **Description** The issue is related to a missing zero-bytes check, which can be exploited by crafting a corrupted JB2 image file. This can cause a denial-of-service attack, leading to an application crash via an out-of-bounds read in the `get direct context` function of `JB2Dict::JB2Codec` in `libdjvu/JB2Image.h`. The vulnerability can be exploited by a remote attacker to cause a denial-of-service. **Recommendations** For DjVuLibre version 3.5.27, consider updating to a newer version that includes a fix for the missing zero-bytes check in `libdjvu/GBitmap.h`. As a temporary workaround, avoid using the `get direct context` function of `JB2Dict::JB2Codec` until a patch is available. Restrict access to corrupted JB2 image files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** DjVuLibre versions 3.5.27 and earlier **Description** The issue is related to a buffer over-read in the DJVU reader component of DjVuLibre, which can cause a denial-of-service (application crash) when a crafted DJVU file is processed. This occurs due to a heap-based buffer over-read in the `GStringRep::strdup` function in `libdjvu/GString.cpp`. **Recommendations** For DjVuLibre version 3.5.27 and earlier, consider updating to a newer version to mitigate the risk of exploitation. As a temporary workaround, consider restricting the use of the DJVU reader component until a patch is available. Avoid using the `DjVmDir.cpp` component in the DJVU reader to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** DjVuLibre version 3.5.27 **Description** The bitmap reader component in DjVuLibre allows attackers to cause a denial-of-service error by crafting a corrupted image file. This is related to an infinite loop in the GBitmap::read rle raw function, which can lead to resource exhaustion. The issue is connected to the libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp files. **Recommendations** For DjVuLibre version 3.5.27, consider avoiding the use of corrupted image files to prevent exploitation of the denial-of-service error until a patch is available. As a temporary workaround, restricting access to the bitmap reader component may help minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** DjVuLibre version 3.5.27 **Description** The issue is related to the sorting functionality in DjVuLibre, which can be exploited by crafting a malicious PBM image file. This can cause an uncontrolled recursion, leading to a denial-of-service (application crash). The vulnerability can be exploited by a remote attacker to disrupt service. **Recommendations** For DjVuLibre version 3.5.27, consider disabling the sorting functionality (GArrayTemplate<TYPE>::sort) as a temporary workaround until a patch is available. Restrict access to the libdjvu/GContainer.h module to minimize the risk of exploitation. Avoid using the sorting functionality with untrusted PBM image files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** GNU C Library (aka glibc or libc6) versions prior to 2.30 **Description** The issue is related to uncontrolled recursion in the GNU C Library when processing regular expressions. This can lead to a denial of service. The problem arises when the library attempts to match certain patterns, such as '(227|)(11|t1|2537)+', as demonstrated in the grep command. **Recommendations** For GNU C Library versions prior to 2.30, update to version 2.30 or later to resolve the issue. As a temporary workaround, consider restricting the use of complex regular expressions in applications that utilize the GNU C Library until a patch is applied.