PT-2019-6096 · Djvulibre+4 · Djvulibre+4

Hongxu Chen

Publicado

2019-08-18

Atualizado

2024-06-15

CVE-2019-15144

CVSS v2.0

7.1

Alta

Vetor

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions DjVuLibre version 3.5.27

Description The issue is related to the sorting functionality in DjVuLibre, which can be exploited by crafting a malicious PBM image file. This can cause an uncontrolled recursion, leading to a denial-of-service (application crash). The vulnerability can be exploited by a remote attacker to disrupt service.

Recommendations For DjVuLibre version 3.5.27, consider disabling the sorting functionality (GArrayTemplate::sort) as a temporary workaround until a patch is available. Restrict access to the libdjvu/GContainer.h module to minimize the risk of exploitation. Avoid using the sorting functionality with untrusted PBM image files until the issue is resolved.

Exploit

Correção

DoS

Uncontrolled Recursion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-674

Identificadores relacionados

ALT-PU-2022-1603

ALT-PU-2022-3240

BDU:2021-05254

CVE-2019-15144

DLA-1902-1

DLA-2667-1

DSA-5032-1

MGASA-2019-0346

OESA-2021-1034

OPENSUSE-SU-2019:2217-1

OPENSUSE-SU-2019:2219-1

OPENSUSE-SU-2019_2217-1

OPENSUSE-SU-2019_2219-1

OPENSUSE-SU-2024:10719-1

SUSE-SU-2019:2444-1

SUSE-SU-2019:2452-1

USN-4198-1

Produtos afetados

Alt Linux

Astra Linux

Djvulibre

Suse

Ubuntu

PT-2019-6096 · Djvulibre+4 · Djvulibre+4

CVE-2019-15144

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 67