CVE-2021-3630

Public on 2021-06-30
Modified on 2023-01-27
Description
An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. This flaw affects DjVuLibre versions prior to 3.5.28.
Severity
Medium severity
Medium
CVSS v3 Base Score
5.5
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Mate-desktop1.x Extra djvulibre 2023-09-14 ALAS2MATE-DESKTOP1.X-2023-001 Fixed
Amazon Linux 2 - Core djvulibre-3.5.27-28.amzn2.0.1 Pending Fix

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
NVD CVSSv2 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P
NVD CVSSv3 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H