Your submission was sent successfully! Close

CVE-2012-6535

Published: 2 December 2013

DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDroid, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DjVu (aka .djv) file.

Priority

Medium

Status

Package Release Status
djvulibre
Launchpad, Ubuntu, Debian
lucid Ignored
(reached end-of-life)
precise
Released (3.5.24-9ubuntu0.1)
quantal Not vulnerable
(3.5.25.3-1ubuntu1)
raring Not vulnerable

saucy Not vulnerable

upstream
Released (3.5.25.3-1)
Patches:
upstream: http://sourceforge.net/p/djvu/djvulibre-git/ci/d4f0f6d37fe6a1fb427cfa33a64ead1eff32d28e/