Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 718552 (CVE-2019-15142, CVE-2019-15143, CVE-2019-15144, CVE-2019-15145) - <app-text/djvu-3.5.27-r2: Multiple vulnerabilities (CVE-2019-{15143,15144,15145})
Summary: <app-text/djvu-3.5.27-r2: Multiple vulnerabilities (CVE-2019-{15143,15144,151...
Status: RESOLVED FIXED
Alias: CVE-2019-15142, CVE-2019-15143, CVE-2019-15144, CVE-2019-15145
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa+ cve]
Keywords:
Depends on: 536720
Blocks:
  Show dependency tree
 
Reported: 2020-04-20 00:20 UTC by GLSAMaker/CVETool Bot
Modified: 2020-07-27 00:36 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2020-04-20 00:20:11 UTC
CVE-2019-15145 (https://nvd.nist.gov/vuln/detail/CVE-2019-15145):
  DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack
  (application crash via an out-of-bounds read) by crafting a corrupted JB2
  image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in
  libdjvu/JB2Image.h because of a missing zero-bytes check in
  libdjvu/GBitmap.h.


----
Bug: https://sourceforge.net/p/djvu/bugs/298/
Debian: https://security-tracker.debian.org/tracker/CVE-2019-15145

Looks like there may be more from the Debian link.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2020-04-20 00:23:17 UTC
CVE-2019-15144 (https://nvd.nist.gov/vuln/detail/CVE-2019-15144):
  In DjVuLibre 3.5.27, the sorting functionality (aka
  GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service
  (application crash due to an Uncontrolled Recursion) by crafting a PBM image
  file that is mishandled in libdjvu/GContainer.h.

CVE-2019-15143 (https://nvd.nist.gov/vuln/detail/CVE-2019-15143):
  In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a
  denial-of-service error (resource exhaustion caused by a
  GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file,
  related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp.

CVE-2019-15142 (https://nvd.nist.gov/vuln/detail/CVE-2019-15142):
  In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows
  attackers to cause a denial-of-service (application crash in
  GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer
  over-read) by crafting a DJVU file.
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-04-20 11:12:09 UTC
(In reply to GLSAMaker/CVETool Bot from comment #0)
> CVE-2019-15145 (https://nvd.nist.gov/vuln/detail/CVE-2019-15145):
>   DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack
>   (application crash via an out-of-bounds read) by crafting a corrupted JB2
>   image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in
>   libdjvu/JB2Image.h because of a missing zero-bytes check in
>   libdjvu/GBitmap.h.
> 
> 

Bug: https://sourceforge.net/p/djvu/bugs/298/
Patch: https://sourceforge.net/p/djvu/djvulibre-git/ci/9658b01431cd7ff6344d7787f855179e73fe81a7/

(In reply to GLSAMaker/CVETool Bot from comment #1)
> CVE-2019-15144 (https://nvd.nist.gov/vuln/detail/CVE-2019-15144):
>   In DjVuLibre 3.5.27, the sorting functionality (aka
>   GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service
>   (application crash due to an Uncontrolled Recursion) by crafting a PBM
> image
>   file that is mishandled in libdjvu/GContainer.h.
> 

Bug: https://sourceforge.net/p/djvu/bugs/299/
Patch: https://sourceforge.net/p/djvu/djvulibre-git/ci/e15d51510048927f172f1bf1f27ede65907d940d/


> CVE-2019-15143 (https://nvd.nist.gov/vuln/detail/CVE-2019-15143):
>   In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause
> a
>   denial-of-service error (resource exhaustion caused by a
>   GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file,
>   related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp.
> 

Bug: https://sourceforge.net/p/djvu/bugs/297/
Patch: https://sourceforge.net/p/djvu/djvulibre-git/ci/b1f4e1b2187d9e5010cd01ceccf20b4a11ce723f/


> CVE-2019-15142 (https://nvd.nist.gov/vuln/detail/CVE-2019-15142):
>   In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows
>   attackers to cause a denial-of-service (application crash in
>   GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer
>   over-read) by crafting a DJVU file.

Bug: https://sourceforge.net/p/djvu/bugs/296/
Patch: https://sourceforge.net/p/djvu/djvulibre-git/ci/970fb11a296b5bbdc5e8425851253d2c5913c45e/
Comment 3 Larry the Git Cow gentoo-dev 2020-06-13 09:35:25 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=703e79f63d52413d37f850ca62c1cabcc1606d70

commit 703e79f63d52413d37f850ca62c1cabcc1606d70
Author:     John Helmert III <jchelmert3@posteo.net>
AuthorDate: 2020-06-13 06:56:45 +0000
Commit:     Mikle Kolyada <zlogene@gentoo.org>
CommitDate: 2020-06-13 09:35:02 +0000

    app-text/djvu: Security bump
    
    Bump to upstream tag debian/3.5.27.1-14, which includes fixes for
    numerous security issues.
    
    Bug: https://bugs.gentoo.org/536720
    Bug: https://bugs.gentoo.org/718552
    Package-Manager: Portage-2.3.100, Repoman-2.3.22
    Signed-off-by: John Helmert III <jchelmert3@posteo.net>
    Closes: https://github.com/gentoo/gentoo/pull/16210
    Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>

 app-text/djvu/Manifest              |  1 +
 app-text/djvu/djvu-3.5.27-r2.ebuild | 73 +++++++++++++++++++++++++++++++++++++
 2 files changed, 74 insertions(+)
Comment 4 Larry the Git Cow gentoo-dev 2020-06-28 20:54:27 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3a13ebb61d94c615ab2c68de08ab95746c1996c5

commit 3a13ebb61d94c615ab2c68de08ab95746c1996c5
Author:     John Helmert III <jchelmert3@posteo.net>
AuthorDate: 2020-06-25 22:53:18 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2020-06-28 20:54:14 +0000

    app-text/djvu: Security cleanup
    
    Bug: https://bugs.gentoo.org/536720
    Bug: https://bugs.gentoo.org/718552
    Package-Manager: Portage-2.3.103, Repoman-2.3.23
    Signed-off-by: John Helmert III <jchelmert3@posteo.net>
    Closes: https://github.com/gentoo/gentoo/pull/16423
    Signed-off-by: Aaron Bauman <bman@gentoo.org>

 app-text/djvu/Manifest              |  1 -
 app-text/djvu/djvu-3.5.27-r1.ebuild | 68 -------------------------------------
 2 files changed, 69 deletions(-)
Comment 5 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2020-06-28 20:55:41 UTC
glsa opened.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2020-07-27 00:36:25 UTC
This issue was resolved and addressed in
 GLSA 202007-36 at https://security.gentoo.org/glsa/202007-36
by GLSA coordinator Sam James (sam_c).