Djvulibre
CVE-2012-6535
CRITICAL
Severity by source
AV:N/AC:M/Au:N/C:C/I:C/A:C
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:M/Au:N/C:C/I:C/A:C
Lifecycle Timeline
1DescriptionCVE.org
DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDroid, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DjVu (aka .djv) file.
AnalysisAI
DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDroid, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Code Injection (CWE-94), which allows attackers to inject and execute arbitrary code within the application. DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDroid, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DjVu (aka .djv) file. Affected products include: Djvulibre Project Djvulibre. Version information: before 3.5.25.3.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Never evaluate user-controlled input as code. Use sandboxing, disable dangerous functions, apply strict input validation.
DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp. Rated high sever
DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by c
In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-se
In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustio
In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application
A flaw was found in djvulibre-3.5.28 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authenticatio
A flaw was found in djvulibre-3.5.28 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authenticatio
A flaw was found in djvulibre-3.5.28 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authenticatio
A flaw was found in djvulibre-3.5.28 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authenticatio
A flaw was found in djvulibre-3.5.28 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authenticatio
An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djv
Same weakness CWE-94 – Code Injection
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today