CVSS3: 6.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS: 0.001 Low
Percentile: 22.8%

libdjvulibre.so is vulnerable to Denial of Service (DoS). The vulnerability exists in the IW44Image::Map::image function in IW44Image.cpp due to a divide-by-zero bug, which results in a floating point exception and causes an application crash.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | libdjvulibre.so | le | 21.7.0-3.5.28-3.el8.x86_64.debug |
| | libdjvulibre.so | le | 21.7.0-3.5.28-3.el8.x86_64.debug |

github.com/advisories/GHSA-8v9r-5752-3c33
github.com/barak/djvulibre/blob/master/libdjvu/IW44Image.cpp#L674
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4APFAWR7QE27GXQMRKR6XKNZWWUJ5YMH/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HN4JOIBNMJMW2NQSGT6DCDCQZJ2ROFM7/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XEEGAR4WUF6LTOJEHSON7I2MBTPFTVR5/
sourceforge.net/p/djvu/bugs/345/