Vulnerability CVE-2021-32492

Vulnerability Name:

CVE-2021-32492 (CCN-204378)

Assigned:

2021-05-10

Published:

2021-05-10

Updated:

2022-03-09

Summary:

A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds read in function DJVU::DataPool::has_data() via crafted djvu file may lead to application crash and other consequences.

CVSS v3 Severity:

7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

3.3 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
2.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

1.7 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-125

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2021-32492

Source: CCN
Type: SourceForge DjVuLibre Project
DjVuLibre: Open Source DjVu library and viewer

Source: CCN
Type: Red Hat Bugzilla Bug 1943686
(CVE-2021-32492) - CVE-2021-32492 djvulibre: Out of bounds read in function DJVU::DataPool::has_data() via crafted djvu file

Source: MISC
Type: Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1943686

Source: XF
Type: UNKNOWN
djvulibre-cve202132492-dos(204378)

Source: DEBIAN
Type: Third Party Advisory
DSA-5032

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2021-32492

Vulnerable Configuration:

Configuration 1:

cpe:/a:djvulibre_project:djvulibre:*:*:*:*:*:*:*:* (Version <= 3.5.28)

Configuration 2:

cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:djvulibre_project:djvulibre:3.5.28:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7464	P	collectd-5.12.0-150400.3.2.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7927	P	libdjvulibre-devel-3.5.27-11.11.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:51561	P	Security update for cni-plugins (Important) (in QA)	2022-11-18
oval:org.opensuse.security:def:3307	P	ntp-4.2.8p13-85.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94771	P	patch-2.7.6-3.5 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94937	P	libdjvulibre-devel-3.5.27-11.11.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95239	P	Security update for kernel-firmware (Important)	2022-06-02
oval:org.opensuse.security:def:6011	P	Security update for zabbix (Moderate)	2022-04-19
oval:org.opensuse.security:def:101952	P	Security update for the Linux Kernel (Important)	2022-04-13
oval:org.opensuse.security:def:112157	P	djvulibre-3.5.28-3.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:105693	P	djvulibre-3.5.28-3.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:101484	P	Security update for c-ares (Important)	2021-08-17
oval:org.opensuse.security:def:99658	P	(Important)	2021-07-14
oval:org.opensuse.security:def:111545	P	Security update for djvulibre (Important)	2021-07-11
oval:org.opensuse.security:def:99966	P	(Important)	2021-06-22
oval:org.opensuse.security:def:111394	P	Security update for djvulibre (Important)	2021-05-22
oval:org.opensuse.security:def:32093	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:57444	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:84598	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:23900	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:45698	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:125533	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:108618	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:10260	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:92115	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:101695	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:96954	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:8582	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:68553	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:99260	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:34433	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:59730	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:87382	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:30196	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:55899	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:83283	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:40119	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:76168	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:92907	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:5038	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:9510	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:70221	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:66780	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:89385	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:32918	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:57916	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:85638	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:26051	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:126703	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:109223	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:74283	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:92310	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:1463	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:96956	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:8759	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:69467	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:99459	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:4126	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:60256	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:88116	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:31174	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:56019	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:83403	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:41268	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:43250	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:93060	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:117664	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:9709	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:70400	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:7419	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:67100	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:98870	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:33649	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:58741	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:86085	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:29363	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:51888	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:95844	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:127100	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:38122	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:74348	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:92509	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:8954	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:69650	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:4191	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:65215	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:88428	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:31621	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:56997	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:84141	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:23573	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:44549	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:93213	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:118308	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:108150	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:10081	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:91920	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:102557	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:68508	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:99065	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:33907	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:59472	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:86557	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:30076	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:55186	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:82570	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:38820	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:75848	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:92708	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:9327	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:69849	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:5691	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:65280	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:89127	P	Security update for djvulibre (Important)	2021-05-19

BACK