CVE-2021-32491

CVE-2021-32491

Name

CVE-2021-32491

Description

A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow in function render() in tools/ddjvu via crafted djvu file may lead to application crash and other consequences.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://bugzilla.redhat.com/show_bug.cgi?id=1943684
DEBIAN	https://www.debian.org/security/2021/dsa-5032

Type

URI

MISC

https://bugzilla.redhat.com/show_bug.cgi?id=1943684

DEBIAN

https://www.debian.org/security/2021/dsa-5032

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:djvulibre_project:djvulibre::::::::`	djvulibre	>= None	<= 3.5.28

CPE URI

Source package

Min version

Max version

cpe:2.3:a:djvulibre_project:djvulibre:*:*:*:*:*:*:*:*

djvulibre

>= None

<= 3.5.28

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
djvulibre	3.14-community	3.5.28-r1	Leon Bottou <leonb@bottou.org>	fixed
djvulibre	3.15-community	3.5.28-r1	Leon Bottou <leonb@bottou.org>	fixed
djvulibre	3.16-community	3.5.28-r1	Leon Bottou <leonb@bottou.org>	fixed
djvulibre	3.17-community	3.5.28-r2	Leon Bottou <leonb@bottou.org>	fixed
djvulibre	edge-community	3.5.28-r4	Leon Bottou <leonb@bottou.org>	fixed
djvulibre	3.18-community	3.5.28-r4	Leon Bottou <leonb@bottou.org>	fixed
djvulibre	3.19-community	3.5.28-r4	Leon Bottou <leonb@bottou.org>	fixed
djvulibre	3.20-community	3.5.28-r4	Leon Bottou <leonb@bottou.org>	fixed

Source package

Branch

Version

Maintainer

Status

djvulibre

3.14-community

3.5.28-r1

Leon Bottou <leonb@bottou.org>

fixed

djvulibre

3.15-community