#VU21451 Infinite loop in DjVuLibre - CVE-2019-15143

 


Published: September 30, 2019


Vulnerability identifier: #VU21451
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-15143
CWE-ID: CWE-835
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: DjVuLibre
Software vendor: DjVu

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop in the bitmap reader component of DjVuLibre, related to the libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp files. A remote attacker can create a specially crafted file, pass it to an application that uses the affected library, and cause a denial of service condition.


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
