SB2019081809 - Multiple vulnerabilities in DjVuLibre
Published: August 18, 2019 Updated: November 21, 2019
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) Heap-based buffer overflow (CVE-ID: CVE-2019-15142)
The vulnerability allows a remote attacker to perform denial of service attack.
The vulnerability exists due to a boundary error when processing DJVU files in DjVmDir.cpp in DjVuLibre. A remote attacker can create a specially crafted DJVU, trick the victim into opening it, trigger heap-based buffer overflow and crash the application using the affected library.
2) Infinite loop (CVE-ID: CVE-2019-15143)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in bitmap reader component in DjVuLibre, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp files. A remote attacker can create a specially crafted file, pass it to the application using the affected library and perform denial of service conditions.
3) Infinite loop (CVE-ID: CVE-2019-15144)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in the sorting functionality (aka GArrayTemplate::sort) within the libdjvu/GContainer.h in DjVuLibre. A remote attacker can consume excessive system resources with a specially crafted BMP file.
4) Out-of-bounds read (CVE-ID: CVE-2019-15145)
The vulnerability allows a remote attacker to perform denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in the JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h within DjVuLibre due to a missing zero-bytes check in libdjvu/GBitmap.h. A remote attacker can create a specially crafted JB2 file, trick the victim into opening it, trigger out-of-bounds read error and crash the application.
5) NULL pointer dereference (CVE-ID: CVE-2019-18804)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the function DJVU::filter_fv at IW44EncodeCodec.cpp. A remote attacker can perform a denial of service (DoS) attack.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- https://sourceforge.net/p/djvu/bugs/296/
- https://sourceforge.net/p/djvu/djvulibre-git/ci/970fb11a296b5bbdc5e8425851253d2c5913c45e/
- https://lists.debian.org/debian-lts-announce/2019/08/msg00036.html
- https://sourceforge.net/p/djvu/bugs/297/
- https://sourceforge.net/p/djvu/djvulibre-git/ci/b1f4e1b2187d9e5010cd01ceccf20b4a11ce723f/
- https://sourceforge.net/p/djvu/bugs/299/
- https://sourceforge.net/p/djvu/djvulibre-git/ci/e15d51510048927f172f1bf1f27ede65907d940d/
- https://sourceforge.net/p/djvu/bugs/298/
- https://sourceforge.net/p/djvu/djvulibre-git/ci/9658b01431cd7ff6344d7787f855179e73fe81a7/
- https://github.com/TeamSeri0us/pocs/blob/master/djvulibre/DJVU__filter_fv%40IW44EncodeCodec.cpp_499-43___SEGV_UNKNOW.md
- https://lists.debian.org/debian-lts-announce/2019/11/msg00004.html
- https://sourceforge.net/p/djvu/bugs/309/