DjVuLibre is a GPL implementation of DjVu, a web-centric format for distributing documents and images. Prior to version 3.5.29, the MMRDecoder::scanruns method is affected by an OOB-write vulnerability, because it does not check that the xr pointer stays within the bounds of the allocated buffer. This can lead to writes beyond the allocated memory, resulting in a heap corruption condition. An out-of-bounds read with pr is also possible for the same reason. This issue has been patched in version 3.5.29.
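The kind of cursor check the description refers to, as an added example in C. It is a simplified model of a run-length scanline decoder, not DjVuLibre's source or its patch. The function name, error codes and the `COPY_PREV` opcode are assumptions made for illustration; only the cursor names `xr` (write) and `pr` (read) come from the advisory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative model only, not DjVuLibre source. The opcode and error codes are assumptions. */
enum { ERR_TRUNCATED = -1, ERR_XR_BOUNDS = -2, ERR_PR_BOUNDS = -3, ERR_RUN_TOO_LONG = -4 };
#define COPY_PREV 0xFFFFu /* constructed opcode: reuse the next run of the previous line */

/* Decode one scanline of run lengths from untrusted `in` into `runs` (capacity `cap`).
   Returns the number of runs written, or a negative error code. */
int scan_runs_checked(const uint16_t *in, size_t n_in,
                      const uint16_t *prev, size_t n_prev,
                      uint16_t *runs, size_t cap, unsigned width)
{
    const uint16_t *pr = prev, *const pr_end = prev + n_prev; /* read cursor  */
    uint16_t *xr = runs, *const xr_end = runs + cap;          /* write cursor */
    unsigned a0 = 0; /* pixels of the line covered so far */
    size_t i = 0;

    while (a0 < width) {
        unsigned run;
        if (i >= n_in) return ERR_TRUNCATED;
        run = in[i++];
        if (run == COPY_PREV) {
            if (pr >= pr_end) return ERR_PR_BOUNDS; /* would read past prev[] */
            run = *pr++;
        }
        if (run > width - a0) return ERR_RUN_TOO_LONG;
        /* Zero-length runs do not advance a0, so the loop condition alone
           does not limit how many entries are written: check xr itself. */
        if (xr >= xr_end) return ERR_XR_BOUNDS;
        *xr++ = (uint16_t)run;
        a0 += run;
    }
    return (int)(xr - runs);
}

int main(void)
{
    /* Constructed inputs: a well-formed line and one padded with zero-length runs. */
    const uint16_t prev[] = { 4, 4 }, ok[] = { 3, COPY_PREV, 1 }, zeros[] = { 0, 0, 0, 0, 0, 8 };
    uint16_t runs[4];
    printf("ok:    %d\n", scan_runs_checked(ok, 3, prev, 2, runs, 4, 8));
    printf("zeros: %d\n", scan_runs_checked(zeros, 6, prev, 2, runs, 4, 8));
    return 0;
}
```

In this model, removing the two cursor checks reproduces the pattern the advisory describes: the write through `xr` and the read through `pr` are then limited only by the input data, not by the size of the buffers.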
Exploitability: AV:L, AC:L, AT:N, PR:N, UI:A
Vulnerable System: VC:H, VI:H, VA:H
Subsequent System: SC:N, SI:N, SA:N
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N