PT-2019-6095 · Djvulibre+4
Hongxu Chen · Published 2019-08-18 · Updated 2024-06-15
CVE-2019-15143
CVSS v2.0: 7.1 (High)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
DjVuLibre version 3.5.27
Description
The bitmap reader component in DjVuLibre allows attackers to cause a denial of service by crafting a corrupted image file. The cause is an infinite loop in the GBitmap::read_rle_raw function, which can lead to resource exhaustion. The issue is related to the libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp files.
Recommendations
For DjVuLibre version 3.5.27, consider avoiding the use of corrupted image files until a patch is available, to prevent exploitation of the denial-of-service condition. As a temporary workaround, restricting access to the bitmap reader component may help minimize the risk of exploitation.
Exploit
Fix
DoS
Infinite Loop
Weakness Enumeration
Related identifiers
Affected products
Alt Linux
Astra Linux
Djvulibre
Suse
Ubuntu