Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Fedora 33: FEDORA-2021-d4c1c98a58 Moderate: DjVu Stack Overflow

fedora
Calendar Grey May 10, 2021
Dist Fedora Esm H88
The latest DjVu revision for Fedora 33 addresses critical stack overflow vulnerabilities and file corruption problems. Discover the installation process and the implications of these updates.
This update fixes several issues in djvulibre

Summary

DjVu is a web-centric format and software platform for distributing documents

and images. DjVu can advantageously replace PDF, PS, TIFF, JPEG, and GIF for

distributing scanned documents, digital documents, or high-resolution pictures.

DjVu content downloads faster, displays and renders faster, looks nicer on a

screen, and consume less client resources than competing formats. DjVu images

display instantly and can be smoothly zoomed and panned with no lengthy

re-rendering.

DjVuLibre is a free (GPL'ed) implementation of DjVu, including viewers,

decoders, simple encoders, and utilities. The browser plugin is in its own

separate sub-package.

This update fixes several issues in djvulibre. These are mostly related to

opening of corrupted files.

* Mon May 3 2021 Marek Kasik - 3.5.27-27

- Avoid unsigned short overflow in GBitmap when allocating row buffer

- Resolves: #1943424

* Mon May 3 2021 Marek Kasik - 3.5.27-26

- Avoid stack overflow in DjVuPort by remembering which file we are opening

- Resolves: #1943411, #1943685

* Mon May 3 2021 Marek Kasik - 3.5.27-25

- Check input pool for NULL

- Resolves: #1943410

* Mon May 3 2021 Marek Kasik - 3.5.27-24

- Avoid integer overflow when allocating bitmap

- Resolves: #1943409

* Mon May 3 2021 Marek Kasik - 3.5.27-23

- Check image size for 0

- Resolves: #1943408

[ 1 ] Bug #1943685 - CVE-2021-3500 djvulibre: Stack overflow in function DJVU::DjVuDocument::get_djvu_file() via crafted djvu file

https://bugzilla.redhat.com/show_bug.cgi?id=1943685

su -c 'dnf upgrade --advisory FEDORA-2021-d4c1c98a58' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Topics%20covered

Topics Covered

security advisory Fedora software fix file corruption stack overflow djvulibre

Change Log

References

Update Instructions

Product: Fedora 33
Version: 3.5.27
Release: 27.fc33
URL:
Summary: DjVu viewers, encoders, and utilities

Topics%20covered

Topics Covered

security advisory Fedora software fix file corruption stack overflow djvulibre

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here