Bugzilla – Bug 1214670
VUL-1: CVE-2021-46310: djvulibre: divide by zero in IW44Image.cpp
Last modified: 2023-09-25 12:30:02 UTC
CVE-2021-46310

An issue was discovered IW44Image.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46310
https://bugzilla.redhat.com/show_bug.cgi?id=2234739
https://www.cve.org/CVERecord?id=CVE-2021-46310
https://sourceforge.net/p/djvu/bugs/345/

TW,15/djvulibre

:/ # djvups 214670/POC > /dev/null
Floating point exception (core dumped)
:/ #

12/djvulibre

:/ # djvups 214670/POC > /dev/null
djvups: [1-12501] DjVu Decoder: Corrupted data (Incorrect size in BG44 chunk).
:/ #
[could not reproduce]

(In reply to Petr Gajdos from comment #1)
> TW,15/djvulibre
>
> :/ # djvups 214670/POC > /dev/null
> Floating point exception (core dumped)
> :/ #
>
> 12/djvulibre
>
> :/ # djvups 214670/POC > /dev/null
> djvups: [1-12501] DjVu Decoder: Corrupted data (Incorrect size in BG44
> chunk).
> :/ #
> [could not reproduce]

We also have djvulibre in SUSE:SLE-15-SP2:Update and SUSE:ALP:Source:Standard:1.0.

(In reply to Carlos López from comment #2)
> > 12/djvulibre
> >
> > :/ # djvups 214670/POC > /dev/null
> > djvups: [1-12501] DjVu Decoder: Corrupted data (Incorrect size in BG44
> > chunk).
> > :/ #
> > [could not reproduce]

That was because the overflow check wasn't there at all.

> We also have djvulibre in SUSE:SLE-15-SP2:Update and
> SUSE:ALP:Source:Standard:1.0.

Sure, thanks.

BEFORE

TW,15sp2,15/djvulibre

:/ # djvups 214670/POC > /dev/null
Floating point exception (core dumped)
:/ #

12/djvulibre

:/ # djvups 214670/POC > /dev/null
djvups: [1-12501] DjVu Decoder: Corrupted data (Incorrect size in BG44 chunk).
:/ #
[could not reproduce]

PATCH

https://sourceforge.net/p/djvu/bugs/345/#47a6

Hardens the overflow check. In 12/djvulibre, there is no overflow check at all; will patch it through this CVE identifier.

AFTER

TW,15sp2,15,12/djvulibre

:/ # djvups 214670/POC > /dev/null
djvups: IW44Image: zero size image (corrupted file?)
:/ #

Submitted for TW,ALP,15sp2,15,12/djvulibre. I believe all fixed.
This is an autogenerated message for OBS integration:
This bug (1214670) was mentioned in
https://build.opensuse.org/request/show/1107914 Factory / djvulibre

SUSE-SU-2023:3520-1: An update that solves two vulnerabilities can now be installed.

Category: security (low)
Bug References: 1214670, 1214672
CVE References: CVE-2021-46310, CVE-2021-46312
Sources used:
openSUSE Leap 15.4 (src): djvulibre-3.5.27-150200.11.14.1
openSUSE Leap 15.5 (src): djvulibre-3.5.27-150200.11.14.1
Desktop Applications Module 15-SP4 (src): djvulibre-3.5.27-150200.11.14.1
Desktop Applications Module 15-SP5 (src): djvulibre-3.5.27-150200.11.14.1
SUSE Package Hub 15 15-SP4 (src): djvulibre-3.5.27-150200.11.14.1
SUSE Package Hub 15 15-SP5 (src): djvulibre-3.5.27-150200.11.14.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2023:3755-1: An update that solves three vulnerabilities can now be installed.

Category: security (important)
Bug References: 1185895, 1214670, 1214672
CVE References: CVE-2021-32490, CVE-2021-46310, CVE-2021-46312
Sources used:
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): djvulibre-3.5.25.3-5.22.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): djvulibre-3.5.25.3-5.22.1
SUSE Linux Enterprise Server 12 SP5 (src): djvulibre-3.5.25.3-5.22.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): djvulibre-3.5.25.3-5.22.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.