PublicDateAtUSN: 2019-08-18 19:15:00 UTC
Candidate: CVE-2019-15144
PublicDate: 2019-08-18 19:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15144
 https://ubuntu.com/security/notices/USN-4198-1
Description:
 In DjVuLibre 3.5.27, the sorting functionality (aka
 GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service
 (application crash due to an Uncontrolled Recursion) by crafting a PBM
 image file that is mishandled in libdjvu/GContainer.h.
Ubuntu-Description:
Notes:
Bugs:
 https://sourceforge.net/p/djvu/bugs/299/
Priority: low
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [6.5 MEDIUM]


Patches_djvulibre:
 upstream: https://sourceforge.net/p/djvu/djvulibre-git/ci/e15d51510048927f172f1bf1f27ede65907d940d/
upstream_djvulibre: released (3.5.27.1-11)
precise/esm_djvulibre: DNE
trusty_djvulibre: ignored (out of standard support)
trusty/esm_djvulibre: DNE
xenial_djvulibre: released (3.5.27.1-5ubuntu0.1)
esm-infra/xenial_djvulibre: released (3.5.27.1-5ubuntu0.1)
bionic_djvulibre: released (3.5.27.1-8ubuntu0.1)
disco_djvulibre: released (3.5.27.1-10ubuntu0.1)
eoan_djvulibre: not-affected (3.5.27.1-11)
devel_djvulibre: not-affected (3.5.27.1-11)