SB2019110831 - Fedora 31 update for djvulibre

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Heap-based buffer overflow (CVE-ID: CVE-2019-15142)

The vulnerability allows a remote attacker to perform denial of service attack.

The vulnerability exists due to a boundary error when processing DJVU files in DjVmDir.cpp in DjVuLibre. A remote attacker can create a specially crafted DJVU, trick the victim into opening it, trigger heap-based buffer overflow and crash the application using the affected library.

2) Infinite loop (CVE-ID: CVE-2019-15143)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in bitmap reader component in DjVuLibre, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp files. A remote attacker can create a specially crafted file, pass it to the application using the affected library and perform denial of service conditions.

3) Infinite loop (CVE-ID: CVE-2019-15144)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in the sorting functionality (aka GArrayTemplate::sort) within the libdjvu/GContainer.h in DjVuLibre. A remote attacker can consume excessive system resources with a specially crafted BMP file.

4) Out-of-bounds read (CVE-ID: CVE-2019-15145)

The vulnerability allows a remote attacker to perform denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in the JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h within DjVuLibre due to a missing zero-bytes check in libdjvu/GBitmap.h. A remote attacker can create a specially crafted JB2 file, trick the victim into opening it, trigger out-of-bounds read error and crash the application.

Remediation

Install update from vendor's website.

References

• https://bodhi.fedoraproject.org/updates/FEDORA-2019-67ff247aea