CVE-2012-6535

Priority
Medium
Description
DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDroid,
and other products, allows remote attackers to execute arbitrary code or
cause a denial of service (memory corruption) via a crafted DjVu (aka .djv)
file.
References
Assigned-to
mdeslaur
Package
Upstream:released (3.5.25.3-1)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):released (3.5.24-9ubuntu0.1)
Ubuntu 12.10 (Quantal Quetzal):not-affected (3.5.25.3-1ubuntu1)
Ubuntu 13.04 (Raring Ringtail):not-affected
Ubuntu 13.10 (Saucy Salamander):not-affected
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Patches:
Upstream:http://sourceforge.net/p/djvu/djvulibre-git/ci/d4f0f6d37fe6a1fb427cfa33a64ead1eff32d28e/
More Information

Valid XHTML 1.0 Strict

Updated: 2013-12-16 20:14:43 UTC (commit 7547)