Skip to main content

Djvulibre

12 CVEs product

Monthly

CVE-2021-3630 MEDIUM PATCH This Month

An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Djvulibre Debian Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-3500 HIGH This Week

A flaw was found in djvulibre-3.5.28 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Djvulibre Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-32493 HIGH This Week

A flaw was found in djvulibre-3.5.28 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Djvulibre Debian Linux
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-32492 HIGH This Week

A flaw was found in djvulibre-3.5.28 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Djvulibre Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-32491 HIGH This Week

A flaw was found in djvulibre-3.5.28 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Djvulibre Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-32490 HIGH This Week

A flaw was found in djvulibre-3.5.28 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Djvulibre Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2019-18804 HIGH POC This Week

DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Djvulibre Debian Linux Fedora +2
NVD GitHub
CVSS 3.1
7.5
EPSS
3.7%
CVE-2019-15145 MEDIUM POC PATCH This Month

DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Djvulibre Debian Linux Fedora +2
NVD
CVSS 3.1
5.5
EPSS
1.6%
CVE-2019-15144 MEDIUM POC PATCH This Month

In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Djvulibre Debian Linux Fedora Ubuntu Linux +1
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2019-15143 MEDIUM POC This Month

In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Djvulibre Debian Linux Fedora Ubuntu Linux +1
NVD
CVSS 3.1
5.5
EPSS
1.7%
CVE-2019-15142 MEDIUM POC PATCH This Month

In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Djvulibre Debian Linux Fedora +2
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2012-6535 CRITICAL Act Now

DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDroid, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Code Injection Denial Of Service RCE Djvulibre
NVD
CVSS 2.0
9.3
EPSS
5.4%
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Djvulibre +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A flaw was found in djvulibre-3.5.28 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Djvulibre +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A flaw was found in djvulibre-3.5.28 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Djvulibre Debian Linux
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A flaw was found in djvulibre-3.5.28 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Djvulibre Debian Linux
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A flaw was found in djvulibre-3.5.28 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Djvulibre +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A flaw was found in djvulibre-3.5.28 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Djvulibre Debian Linux
NVD
EPSS 4% CVSS 7.5
HIGH POC This Week

DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Djvulibre +4
NVD GitHub
EPSS 2% CVSS 5.5
MEDIUM POC PATCH This Month

DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Djvulibre +4
NVD
EPSS 2% CVSS 5.5
MEDIUM POC PATCH This Month

In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Djvulibre Debian Linux +3
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Djvulibre Debian Linux +3
NVD
EPSS 2% CVSS 5.5
MEDIUM POC PATCH This Month

In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Djvulibre +4
NVD
EPSS 5% CVSS 9.3
CRITICAL Act Now

DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDroid, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Code Injection Denial Of Service +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy