Bug 1767855 (CVE-2019-15143) - CVE-2019-15143 djvulibre: infinite loop in GBitmap::read_rle_raw related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp
Summary: CVE-2019-15143 djvulibre: infinite loop in GBitmap::read_rle_raw related to l...
Keywords:
Status: NEW
Alias: CVE-2019-15143
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1767857 1767858 1767859 1767860
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-11-01 14:28 UTC by Guilherme de Almeida Suckevicz
Modified: 2019-11-01 14:31 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Guilherme de Almeida Suckevicz 2019-11-01 14:28:38 UTC 
In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp.

Reference:
https://sourceforge.net/p/djvu/bugs/297/

Upstream commit:
https://sourceforge.net/p/djvu/djvulibre-git/ci/b1f4e1b2187d9e5010cd01ceccf20b4a11ce723f/
Comment 1 Guilherme de Almeida Suckevicz 2019-11-01 14:30:25 UTC 
Created djvulibre tracking bugs for this issue:

Affects: epel-6 [bug 1767859]
Affects: epel-7 [bug 1767860]
Affects: fedora-all [bug 1767857]


Created mingw-djvulibre tracking bugs for this issue:

Affects: fedora-all [bug 1767858]
Note You need to log in before you can comment on or make changes to this bug.