Your submission was sent successfully! Close

CVE-2019-15142

Published: 18 August 2019

In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a DJVU file.

Priority

Low

CVSS 3 base score: 5.5

Status

Package Release Status
djvulibre
Launchpad, Ubuntu, Debian
bionic
Released (3.5.27.1-8ubuntu0.1)
disco
Released (3.5.27.1-10ubuntu0.1)
eoan Not vulnerable
(3.5.27.1-11)
precise Does not exist

trusty Does not exist

upstream
Released (3.5.27.1-11)
xenial
Released (3.5.27.1-5ubuntu0.1)