PT-2021-3120 · Djvulibre +5

1Vanchen +1 · Published 2021-05-11 · Updated 2025-10-14 · CVE-2021-32490

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: djvulibre versions 3.5.28 and earlier

Description: A flaw in the DJVU::filter_bv() function allows for an out-of-bounds write via a crafted djvu file, potentially leading to an application crash. The vulnerability may also enable a remote attacker to execute arbitrary code on the target system using a specially crafted djvu file.

Recommendations: For versions 3.5.28 and earlier, consider disabling the DJVU::filter_bv() function as a temporary workaround until a patch is available. Restrict access to djvu files from untrusted sources to minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow

Memory Corruption


Weakness Enumeration

Related Identifiers

ALT-PU-2025-12685
ALT-PU-2025-12687
BDU:2021-02743
CVE-2021-32490
DLA-2667-1
DSA-5032-1
MGASA-2021-0247
OESA-2021-1255
OPENSUSE-SU-2021:0759-1
OPENSUSE-SU-2021:1641-1
OPENSUSE-SU-2021_0759-1
OPENSUSE-SU-2021_1641-1
OPENSUSE-SU-2024:10719-1
SUSE-SU-2021:1641-1
SUSE-SU-2021:1649-1
SUSE-SU-2021_1641-1
SUSE-SU-2021_1649-1
SUSE-SU-2023:3755-1
SUSE-SU-2023_3755-1
USN-4957-1
USN-4957-2

Affected Products

Alt Linux
Astra Linux
Linuxmint
Suse
Ubuntu
Djvulibre