In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp. Reference: https://sourceforge.net/p/djvu/bugs/297/ Upstream commit: https://sourceforge.net/p/djvu/djvulibre-git/ci/b1f4e1b2187d9e5010cd01ceccf20b4a11ce723f/
Created djvulibre tracking bugs for this issue: Affects: epel-6 [bug 1767859] Affects: epel-7 [bug 1767860] Affects: fedora-all [bug 1767857] Created mingw-djvulibre tracking bugs for this issue: Affects: fedora-all [bug 1767858]