Debian Security Advisory
DLA-1902-1 djvulibre -- LTS security update
- Date Reported:
- 29 Aug 2019
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2019-15142, CVE-2019-15143, CVE-2019-15144, CVE-2019-15145.
- More information:
Hongxu Chen found several issues in djvulibre, a library and set of tools to handle images in the DjVu format.
The issues are a heap-buffer-overflow, a stack-overflow, an infinite loop and an invalid read when working with crafted files as input.
For Debian 8
Jessie, these problems have been fixed in version 126.96.36.199-4+deb8u1.
We recommend that you upgrade your djvulibre packages.