Bugzilla – Bug 1156188
VUL-1: CVE-2019-18804: djvulibre: NULL pointer dereference in the function DJVU:filter_fv at IW44EncodeCodec.cpp
Last modified: 2021-01-27 17:05:31 UTC
CVE-2019-18804 DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18804 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18804 https://sourceforge.net/p/djvu/bugs/309/ https://github.com/TeamSeri0us/pocs/blob/master/djvulibre/DJVU__filter_fv%40IW44EncodeCodec.cpp_499-43___SEGV_UNKNOW.md
Created attachment 823642 [details] djvulibre-CVE-2019-18804-git-c8bec6549c10ffaa2f2fbad8bbc629efdf0dd125.patch upstream patch https://sourceforge.net/p/djvu/djvulibre-git/ci/c8bec6549c10ffaa2f2fbad8bbc629efdf0dd125/
Affected code streams: SUSE:SLE-11:Update SUSE:SLE-12:Update SUSE:SLE-15:Update The upstream patch applies cleanly to all our code streams.
This is an autogenerated message for OBS integration: This bug (1156188) was mentioned in https://build.opensuse.org/request/show/746558 Factory / djvulibre
Submitted for: TW,15,12,11/djvulibre.
SUSE-SU-2019:3033-1: An update that solves one vulnerability and has one errata is now available. Category: security (moderate) Bug References: 1154401,1156188 CVE References: CVE-2019-18804 Sources used: SUSE Linux Enterprise Module for Packagehub Subpackages 15 (src): djvulibre-3.5.27-3.8.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): djvulibre-3.5.27-3.8.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): djvulibre-3.5.27-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (src): djvulibre-3.5.27-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15 (src): djvulibre-3.5.27-3.8.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2019:2574-1: An update that solves one vulnerability and has one errata is now available. Category: security (moderate) Bug References: 1154401,1156188 CVE References: CVE-2019-18804 Sources used: openSUSE Leap 15.0 (src): djvulibre-3.5.27-lp150.2.6.1
openSUSE-SU-2019:2576-1: An update that solves one vulnerability and has one errata is now available. Category: security (moderate) Bug References: 1154401,1156188 CVE References: CVE-2019-18804 Sources used: openSUSE Leap 15.1 (src): djvulibre-3.5.27-lp151.3.6.1
SUSE-SU-2020:0970-1: An update that fixes one vulnerability is now available. Category: security (low) Bug References: 1156188 CVE References: CVE-2019-18804 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP5 (src): djvulibre-3.5.25.3-5.6.10 SUSE Linux Enterprise Software Development Kit 12-SP4 (src): djvulibre-3.5.25.3-5.6.10 SUSE Linux Enterprise Server 12-SP5 (src): djvulibre-3.5.25.3-5.6.10 SUSE Linux Enterprise Server 12-SP4 (src): djvulibre-3.5.25.3-5.6.10 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:3033-2: An update that solves one vulnerability and has one errata is now available. Category: security (moderate) Bug References: 1154401,1156188 CVE References: CVE-2019-18804 Sources used: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (src): djvulibre-3.5.27-3.8.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
DONE