Bugzilla – Full Text Bug Listing
| Summary: | VUL-1: CVE-2021-46312: djvulibre: divide by zero in IW44EncodeCodec.cpp | | |
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Carlos López <carlos.lopez> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | NEW --- | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | | |
| Priority: | P4 - Low | CC: | security-team |
| Version: | unspecified | | |
| Target Milestone: | --- | | |
| Hardware: | Other | | |
| OS: | Other | | |
| URL: | https://smash.suse.de/issue/376018/ | | |
| Whiteboard: | CVSSv3.1:SUSE:CVE-2021-46312:3.3:(AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) | | |
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | | Blocker: | --- |
| Marketing QA Status: | --- | IT Deployment: | --- |

Description
Carlos López
2023-08-28 08:35:14 UTC
TW,15,12/djvulibre

:/ # c44 214672/POC > /dev/null
Floating point exception (core dumped)
:/ #

(In reply to Petr Gajdos from comment #1)
> TW,15,12/djvulibre
>
> :/ # c44 214672/POC > /dev/null
> Floating point exception (core dumped)
> :/ #

We also have djvulibre in SUSE:SLE-15-SP2:Update and SUSE:ALP:Source:Standard:1.0.

(In reply to Carlos López from comment #2)
> (In reply to Petr Gajdos from comment #1)
> > TW,15,12/djvulibre
> >
> > :/ # c44 214672/POC > /dev/null
> > Floating point exception (core dumped)
> > :/ #
>
> We also have djvulibre in SUSE:SLE-15-SP2:Update and
> SUSE:ALP:Source:Standard:1.0.

Yeah, thanks.

BEFORE

TW,15sp2,15,12/djvulibre

:/ # c44 214672/POC > /dev/null
Floating point exception (core dumped)
:/ #

PATCH

https://sourceforge.net/p/djvu/bugs/344/#bcb7

Add similar checks as in IW44Image.cpp, see
https://sourceforge.net/p/djvu/bugs/345/

AFTER

TW,15sp2,15,12/djvulibre

:/ # c44 214672/POC > /dev/null
*** IWBitmap: zero size image (corrupted file?)
*** (IW44EncodeCodec.cpp:1429)
*** 'void DJVU::IWBitmap::Encode::init(const DJVU::GBitmap&, DJVU::GP<DJVU::GBitmap>)'
:/ #

Submitted for TW,ALP,15sp2,15,12/djvulibre.

I believe all fixed.

This is an autogenerated message for OBS integration:
This bug (1214672) was mentioned in
https://build.opensuse.org/request/show/1107914 Factory / djvulibre

SUSE-SU-2023:3520-1: An update that solves two vulnerabilities can now be installed.

Category: security (low)
Bug References: 1214670, 1214672
CVE References: CVE-2021-46310, CVE-2021-46312
Sources used:
openSUSE Leap 15.4 (src): djvulibre-3.5.27-150200.11.14.1
openSUSE Leap 15.5 (src): djvulibre-3.5.27-150200.11.14.1
Desktop Applications Module 15-SP4 (src): djvulibre-3.5.27-150200.11.14.1
Desktop Applications Module 15-SP5 (src): djvulibre-3.5.27-150200.11.14.1
SUSE Package Hub 15 15-SP4 (src): djvulibre-3.5.27-150200.11.14.1
SUSE Package Hub 15 15-SP5 (src): djvulibre-3.5.27-150200.11.14.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2023:3755-1: An update that solves three vulnerabilities can now be installed.

Category: security (important)
Bug References: 1185895, 1214670, 1214672
CVE References: CVE-2021-32490, CVE-2021-46310, CVE-2021-46312
Sources used:
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): djvulibre-3.5.25.3-5.22.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): djvulibre-3.5.25.3-5.22.1
SUSE Linux Enterprise Server 12 SP5 (src): djvulibre-3.5.25.3-5.22.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): djvulibre-3.5.25.3-5.22.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.