<p>Upgrade <code>Debian:10</code> <code>djvulibre</code> to version 3.5.25.3-1 or higher.</p>

Arbitrary Code Injection Affecting djvulibre package, versions <3.5.25.3-1

Snyk CVSS

Attack Complexity Low

User Interaction Required

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS 9.26% (95^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-DEBIAN10-DJVULIBRE-266712
published 2 Dec 2013
disclosed 2 Dec 2013

Report a new vulnerability Found a mistake?

Introduced: 2 Dec 2013

CVE-2012-6535 Open this link in a new tab CWE-94 Open this link in a new tab

How to fix?

Upgrade Debian:10 djvulibre to version 3.5.25.3-1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream djvulibre package and not the djvulibre package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDroid, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DjVu (aka .djv) file.