In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a DJVU file. Reference: https://sourceforge.net/p/djvu/bugs/296/ Upstream commit: https://sourceforge.net/p/djvu/djvulibre-git/ci/970fb11a296b5bbdc5e8425851253d2c5913c45e/
Created djvulibre tracking bugs for this issue: Affects: epel-6 [bug 1767844] Affects: epel-7 [bug 1767845] Affects: fedora-all [bug 1767842] Created mingw-djvulibre tracking bugs for this issue: Affects: fedora-all [bug 1767843]