CVE-2021-32490 (https://bugzilla.redhat.com/show_bug.cgi?id=1943693):
A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds write in function DJVU::filter_bv() via crafted djvu file may lead to application crash and other consequences.
RedHat's patch: https://bugzilla.redhat.com/attachment.cgi?id=1770184

CVE-2021-32491 (https://bugzilla.redhat.com/show_bug.cgi?id=1943684):
A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow in function render() in tools/ddjvu via crafted djvu file may lead to application crash and other consequences.
RedHat's patch: https://bugzilla.redhat.com/attachment.cgi?id=1770218

CVE-2021-32492 (https://bugzilla.redhat.com/show_bug.cgi?id=1943686):
A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds read in function DJVU::DataPool::has_data() via crafted djvu file may lead to application crash and other consequences.
RedHat's patch: https://bugzilla.redhat.com/attachment.cgi?id=1770220

CVE-2021-32493 (https://bugzilla.redhat.com/show_bug.cgi?id=1943690):
A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode() via crafted djvu file may lead to application crash and other consequences.
RedHat's patch: https://bugzilla.redhat.com/attachment.cgi?id=1774554

CVE-2021-3500 (https://bugzilla.redhat.com/show_bug.cgi?id=1943685):
A flaw was found in djvulibre-3.5.28 and earlier. A Stack overflow in function DJVU::DjVuDocument::get_djvu_file() via crafted djvu file may lead to application crash and other consequences.
RedHat's patch: https://bugzilla.redhat.com/attachment.cgi?id=1770188

So, seems everything has a patch but there are no links to upstream commits or issues on the RedHat bugs so I'm not sure if anyone ever actually contacted upstream to fix these.
Package list is empty or all packages have requested keywords.
Debian released a patched version: https://www.debian.org/security/2021/dsa-5032 Thanks.