Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2021-0247)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2021.0247

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2021-0247)

Zusammenfassung: The remote host is missing an update for the 'djvulibre' package(s) announced via the MGASA-2021-0247 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'djvulibre' package(s) announced via the MGASA-2021-0247 advisory.

Vulnerability Insight:
Stack overflow in function DJVU::DjVuDocument::get_djvu_file() via crafted
djvu file. (CVE-2021-3500).

Out of bounds write in function DJVU::filter_bv()
via crafted djvu file. (CVE-2021-32490).

Integer overflow in function render() in tools/ddjvu via crafted djvu file.
(CVE-2021-32491)

Out of bounds read in function DJVU::DataPool::has_data() via crafted djvu
file. (CVE-2021-32492).

Heap buffer overflow in function DJVU::GBitmap::decode() via crafted djvu
file. (CVE-2021-32493).

Affected Software/OS:
'djvulibre' package(s) on Mageia 7, Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2021-32490
Debian Security Information: DSA-5032 (Google Search)
https://www.debian.org/security/2021/dsa-5032
https://bugzilla.redhat.com/show_bug.cgi?id=1943693
Common Vulnerability Exposure (CVE) ID: CVE-2021-32491
https://bugzilla.redhat.com/show_bug.cgi?id=1943684
Common Vulnerability Exposure (CVE) ID: CVE-2021-32492
https://bugzilla.redhat.com/show_bug.cgi?id=1943686
Common Vulnerability Exposure (CVE) ID: CVE-2021-32493
https://bugzilla.redhat.com/show_bug.cgi?id=1943690
Common Vulnerability Exposure (CVE) ID: CVE-2021-3500
DSA-5032
https://bugzilla.redhat.com/show_bug.cgi?id=1943685

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2021.0247
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2021-0247)
Zusammenfassung:	The remote host is missing an update for the 'djvulibre' package(s) announced via the MGASA-2021-0247 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'djvulibre' package(s) announced via the MGASA-2021-0247 advisory. Vulnerability Insight: Stack overflow in function DJVU::DjVuDocument::get_djvu_file() via crafted djvu file. (CVE-2021-3500). Out of bounds write in function DJVU::filter_bv() via crafted djvu file. (CVE-2021-32490). Integer overflow in function render() in tools/ddjvu via crafted djvu file. (CVE-2021-32491) Out of bounds read in function DJVU::DataPool::has_data() via crafted djvu file. (CVE-2021-32492). Heap buffer overflow in function DJVU::GBitmap::decode() via crafted djvu file. (CVE-2021-32493). Affected Software/OS: 'djvulibre' package(s) on Mageia 7, Mageia 8. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2021-32490 Debian Security Information: DSA-5032 (Google Search) https://www.debian.org/security/2021/dsa-5032 https://bugzilla.redhat.com/show_bug.cgi?id=1943693 Common Vulnerability Exposure (CVE) ID: CVE-2021-32491 https://bugzilla.redhat.com/show_bug.cgi?id=1943684 Common Vulnerability Exposure (CVE) ID: CVE-2021-32492 https://bugzilla.redhat.com/show_bug.cgi?id=1943686 Common Vulnerability Exposure (CVE) ID: CVE-2021-32493 https://bugzilla.redhat.com/show_bug.cgi?id=1943690 Common Vulnerability Exposure (CVE) ID: CVE-2021-3500 DSA-5032 https://bugzilla.redhat.com/show_bug.cgi?id=1943685
Copyright	Copyright (C) 2022 Greenbone AG