First Last Prev Next    This bug is not in your last search results.
Bug 1146572 - (CVE-2019-15145) VUL-0: CVE-2019-15145: djvulibre: DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict:JB2Codec:get_direct_c
(CVE-2019-15145)
VUL-0: CVE-2019-15145: djvulibre: DjVuLibre 3.5.27 allows attackers to cause ...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/240410/
CVSSv3:SUSE:CVE-2019-15145:5.5:(AV:L/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-08-21 09:18 UTC by Wolfgang Frisch
Modified: 2019-10-20 08:19 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
djvulibre-CVE-2019-15145.patch (540 bytes, patch)
2019-08-21 09:34 UTC, Wolfgang Frisch 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Wolfgang Frisch 2019-08-21 09:18:50 UTC 
CVE-2019-15145

DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack
(application crash via an out-of-bounds read) by crafting a corrupted JB2 image
file that is mishandled in JB2Dict::JB2Codec::get_direct_context in
libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15145
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15145.html
http://www.cvedetails.com/cve/CVE-2019-15145/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15145
https://sourceforge.net/p/djvu/djvulibre-git/ci/9658b01431cd7ff6344d7787f855179e73fe81a7/
https://sourceforge.net/p/djvu/bugs/298/
Comment 1 Wolfgang Frisch 2019-08-21 09:33:54 UTC 
Following an investigation of the source code, I conclude that all supported versions of djvulibre are affected:

SUSE:SLE-11:Update
SUSE:SLE-12:Update
SUSE:SLE-15:Update

The patch supplied by upstream applies cleanly to all our versions of djvulibre.
Comment 2 Wolfgang Frisch 2019-08-21 09:34:27 UTC 
Created attachment 814921 [details]
djvulibre-CVE-2019-15145.patch
Comment 3 Petr Gajdos 2019-09-02 11:31:04 UTC 
BEFORE

devel,15,12,11/djvulibre

$ cjb2 read_JB2Image.h_741_1.jb2 /dev/null
Segmentation fault (core dumped)
$

PATCH

referenced in comment 0

AFTER

devel,15,12,11/djvulibre

$ cjb2 read_JB2Image.h_741_1.jb2 /dev/null
$
Comment 4 Petr Gajdos 2019-09-02 11:31:20 UTC 
Will submit for devel,15,12,11/djvulibre.
Comment 5 Petr Gajdos 2019-09-02 12:18:37 UTC 
I believe all fixed.
Comment 6 Swamp Workflow Management 2019-09-02 12:50:12 UTC 
This is an autogenerated message for OBS integration:
This bug (1146572) was mentioned in
https://build.opensuse.org/request/show/727759 Factory / djvulibre
Comment 8 Swamp Workflow Management 2019-09-24 13:21:38 UTC 
SUSE-SU-2019:2444-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1146569,1146571,1146572,1146702
CVE References: CVE-2019-15142,CVE-2019-15143,CVE-2019-15144,CVE-2019-15145
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    djvulibre-3.5.25.3-5.3.1
SUSE Linux Enterprise Server 12-SP4 (src):    djvulibre-3.5.25.3-5.3.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    djvulibre-3.5.25.3-5.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2019-09-24 19:11:40 UTC 
SUSE-SU-2019:2452-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1146569,1146571,1146572,1146702
CVE References: CVE-2019-15142,CVE-2019-15143,CVE-2019-15144,CVE-2019-15145
Sources used:
SUSE Linux Enterprise Module for Packagehub Subpackages 15 (src):    djvulibre-3.5.27-3.3.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    djvulibre-3.5.27-3.3.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    djvulibre-3.5.27-3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (src):    djvulibre-3.5.27-3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    djvulibre-3.5.27-3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Swamp Workflow Management 2019-09-30 10:11:40 UTC 
openSUSE-SU-2019:2217-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1146569,1146571,1146572,1146702
CVE References: CVE-2019-15142,CVE-2019-15143,CVE-2019-15144,CVE-2019-15145
Sources used:
openSUSE Leap 15.0 (src):    djvulibre-3.5.27-lp150.2.3.1
Comment 11 Swamp Workflow Management 2019-09-30 19:13:26 UTC 
openSUSE-SU-2019:2219-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1146569,1146571,1146572,1146702
CVE References: CVE-2019-15142,CVE-2019-15143,CVE-2019-15144,CVE-2019-15145
Sources used:
openSUSE Leap 15.1 (src):    djvulibre-3.5.27-lp151.3.3.1
Comment 12 Marcus Meissner 2019-10-20 08:19:10 UTC 
released
First Last Prev Next    This bug is not in your last search results.