Vulnerability CVE-2021-32490

Vulnerability Name:

CVE-2021-32490 (CCN-204388)

Assigned:

2021-05-10

Published:

2021-05-10

Updated:

2022-12-21

Summary:

CVSS v3 Severity:

7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

3.3 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
2.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

1.7 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2021-32490

Source: CCN
Type: SourceForge DjVuLibre Project
DjVuLibre: Open Source DjVu library and viewer

Source: CCN
Type: Red Hat Bugzilla Bug 1943693
(CVE-2021-32490) - CVE-2021-32490 djvulibre: Out of bounds write in function DJVU::filter_bv() via crafted djvu file

Source: patrick@puiterwijk.org
Type: Issue Tracking, Third Party Advisory
patrick@puiterwijk.org

Source: XF
Type: UNKNOWN
djvulibre-cve202132490-dos(204388)

Source: patrick@puiterwijk.org
Type: Third Party Advisory
patrick@puiterwijk.org

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2021-32490

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:djvulibre_project:djvulibre:3.5.28:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7464	P	collectd-5.12.0-150400.3.2.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7927	P	libdjvulibre-devel-3.5.27-11.11.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:3307	P	ntp-4.2.8p13-85.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94771	P	patch-2.7.6-3.5 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94937	P	libdjvulibre-devel-3.5.27-11.11.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95239	P	Security update for kernel-firmware (Important)	2022-06-02
oval:org.opensuse.security:def:6011	P	Security update for zabbix (Moderate)	2022-04-19
oval:org.opensuse.security:def:101952	P	Security update for the Linux Kernel (Important)	2022-04-13
oval:org.opensuse.security:def:112157	P	djvulibre-3.5.28-3.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:105693	P	djvulibre-3.5.28-3.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:101484	P	Security update for c-ares (Important)	2021-08-17
oval:org.opensuse.security:def:99658	P	(Important)	2021-07-14
oval:org.opensuse.security:def:111545	P	Security update for djvulibre (Important)	2021-07-11
oval:org.opensuse.security:def:99966	P	(Important)	2021-06-22
oval:org.opensuse.security:def:111394	P	Security update for djvulibre (Important)	2021-05-22
oval:org.opensuse.security:def:10081	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:108618	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:92115	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:96954	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:68553	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:75848	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:102557	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:9327	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:99065	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:5691	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:92907	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:70221	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:66780	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:10260	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:8582	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:109223	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:92310	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:96956	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:69467	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:76168	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:101695	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:9510	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:99260	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:93060	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:70400	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:67100	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:117664	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:74283	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:8759	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:95844	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:4126	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:92509	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:69650	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:65215	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:1463	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:9709	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:99459	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:7419	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:93213	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:108150	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:91920	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:68508	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:118308	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:74348	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:8954	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:98870	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:4191	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:92708	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:69849	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:65280	P	Security update for djvulibre (Important)	2021-05-19

BACK