Vulnerability Details CVE-2021-3630
An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. This flaw affects DjVuLibre versions prior to 3.5.28.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 31.2%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.3
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1977427
- https://lists.debian.org/debian-lts-announce/2021/07/msg00002.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MRXCW4BUGAJLGF6IWQWUZ2YBICMZCPK/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIZIAJWGKI26DKDOGJS7J7CIQGHHMIHG/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q3B4QZCICPZRDXA2HOIACSQNZB2VEHSM/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVKYWV4P5XGA3FXKGFB443MKC32L7YQB/
- https://www.debian.org/security/2021/dsa-5032
- https://bugzilla.redhat.com/show_bug.cgi?id=1977427
- https://lists.debian.org/debian-lts-announce/2021/07/msg00002.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MRXCW4BUGAJLGF6IWQWUZ2YBICMZCPK/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIZIAJWGKI26DKDOGJS7J7CIQGHHMIHG/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q3B4QZCICPZRDXA2HOIACSQNZB2VEHSM/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVKYWV4P5XGA3FXKGFB443MKC32L7YQB/
- https://www.debian.org/security/2021/dsa-5032
Products affected by CVE-2021-3630
-
cpe:2.3:a:djvulibre_project:djvulibre:3.5.1
-
cpe:2.3:a:djvulibre_project:djvulibre:3.5.10
-
cpe:2.3:a:djvulibre_project:djvulibre:3.5.11
-
cpe:2.3:a:djvulibre_project:djvulibre:3.5.12
-
cpe:2.3:a:djvulibre_project:djvulibre:3.5.13
-
cpe:2.3:a:djvulibre_project:djvulibre:3.5.14
-
cpe:2.3:a:djvulibre_project:djvulibre:3.5.15
-
cpe:2.3:a:djvulibre_project:djvulibre:3.5.16
-
cpe:2.3:a:djvulibre_project:djvulibre:3.5.17
-
cpe:2.3:a:djvulibre_project:djvulibre:3.5.18
-
cpe:2.3:a:djvulibre_project:djvulibre:3.5.19
-
cpe:2.3:a:djvulibre_project:djvulibre:3.5.2
-
cpe:2.3:a:djvulibre_project:djvulibre:3.5.20
-
cpe:2.3:a:djvulibre_project:djvulibre:3.5.21
-
cpe:2.3:a:djvulibre_project:djvulibre:3.5.22
-
cpe:2.3:a:djvulibre_project:djvulibre:3.5.23
-
cpe:2.3:a:djvulibre_project:djvulibre:3.5.24
-
cpe:2.3:a:djvulibre_project:djvulibre:3.5.25
-
cpe:2.3:a:djvulibre_project:djvulibre:3.5.27
-
cpe:2.3:a:djvulibre_project:djvulibre:3.5.3
-
cpe:2.3:a:djvulibre_project:djvulibre:3.5.4
-
cpe:2.3:a:djvulibre_project:djvulibre:3.5.5
-
cpe:2.3:a:djvulibre_project:djvulibre:3.5.6
-
cpe:2.3:a:djvulibre_project:djvulibre:3.5.7
-
cpe:2.3:a:djvulibre_project:djvulibre:3.5.8
-
cpe:2.3:a:djvulibre_project:djvulibre:3.5.9
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:debian:debian_linux:11.0
-
cpe:2.3:o:debian:debian_linux:9.0
-
cpe:2.3:o:fedoraproject:fedora:33
-
cpe:2.3:o:fedoraproject:fedora:34