CVE-2021-32492

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions djvulibre versions 3.5.28 and earlier

Description A flaw was found in the djvulibre library, specifically in the DJVU::DataPool::has data() function, which can lead to an out of bounds read when processing a crafted djvu file. This may cause an application crash and potentially allow a remote attacker to gain unauthorized access to protected information.

Recommendations For djvulibre versions 3.5.28 and earlier, consider avoiding the use of crafted djvu files until a patch is available. As a temporary workaround, restrict access to the DJVU::DataPool::has data() function to minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-125

Related Identifiers

ALT-PU-2025-12685

ALT-PU-2025-12687

BDU:2021-02745

CVE-2021-32492

DLA-2667-1

DSA-5032-1

MGASA-2021-0247

OESA-2021-1255

OPENSUSE-SU-2021:0759-1

OPENSUSE-SU-2021:1641-1

OPENSUSE-SU-2021_0759-1

OPENSUSE-SU-2021_1641-1

OPENSUSE-SU-2024:10719-1

SUSE-SU-2021:14728-1

SUSE-SU-2021:1641-1

SUSE-SU-2021:1645-1

SUSE-SU-2021:1649-1

SUSE-SU-2021_14728-1

USN-4957-1

USN-4957-2

Affected Products

Alt Linux

Astra Linux

Linuxmint

Suse

Ubuntu

Djvulibre

CVE-2021-32492

Weakness Enumeration

Related Identifiers

Affected Products

References · 66