Your submission was sent successfully! Close

CVE-2019-15144

Published: 18 August 2019

In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled in libdjvu/GContainer.h.

Priority

Low

CVSS 3 base score: 5.5

Status

Package Release Status
djvulibre
Launchpad, Ubuntu, Debian
bionic
Released (3.5.27.1-8ubuntu0.1)
disco
Released (3.5.27.1-10ubuntu0.1)
eoan Not vulnerable
(3.5.27.1-11)
precise Does not exist

trusty Does not exist

upstream
Released (3.5.27.1-11)
xenial
Released (3.5.27.1-5ubuntu0.1)
Patches:
upstream: https://sourceforge.net/p/djvu/djvulibre-git/ci/e15d51510048927f172f1bf1f27ede65907d940d/