PT-2019-6096 · Djvulibre+4 · Djvulibre+4

Hongxu Chen

Published

2019-08-18

Updated

2024-06-15

CVE-2019-15144

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions DjVuLibre version 3.5.27

Description The issue is related to the sorting functionality in DjVuLibre, which can be exploited by crafting a malicious PBM image file. This can cause an uncontrolled recursion, leading to a denial-of-service (application crash). The vulnerability can be exploited by a remote attacker to disrupt service.

Recommendations For DjVuLibre version 3.5.27, consider disabling the sorting functionality (GArrayTemplate::sort) as a temporary workaround until a patch is available. Restrict access to the libdjvu/GContainer.h module to minimize the risk of exploitation. Avoid using the sorting functionality with untrusted PBM image files until the issue is resolved.

Exploit

Fix

DoS

Uncontrolled Recursion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-674

Related Identifiers

ALT-PU-2022-1603

ALT-PU-2022-3240

BDU:2021-05254

CVE-2019-15144

DLA-1902-1

DLA-2667-1

DSA-5032-1

MGASA-2019-0346

OESA-2021-1034

OPENSUSE-SU-2019:2217-1

OPENSUSE-SU-2019:2219-1

OPENSUSE-SU-2019_2217-1

OPENSUSE-SU-2019_2219-1

OPENSUSE-SU-2024:10719-1

SUSE-SU-2019:2444-1

SUSE-SU-2019:2452-1

USN-4198-1

Affected Products

Alt Linux

Astra Linux

Djvulibre

Suse

Ubuntu

PT-2019-6096 · Djvulibre+4 · Djvulibre+4

CVE-2019-15144

Weakness Enumeration

Related Identifiers

Affected Products

References · 67