Debian Security Advisory DSA 2844-1 (djvulibre - Arbitrary Code Execution) Network Vulnerability

Summary

It was discovered that djvulibre, the Open Source DjVu implementation project, can be crashed or possibly make it execute arbitrary code when processing a specially crafted djvu file.

Solution

For the oldstable distribution (squeeze), this problem has been fixed in version 3.5.23-3+squeeze1. This problem has been fixed before the release of the stable distribution (wheezy), therefore it is not affected. We recommend that you upgrade your djvulibre packages.

Affected

djvulibre on Debian Linux

Detection

This check tests the installed software version using the apt package manager.

References

http://www.debian.org/security/2014/dsa-2844.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-6535

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 002-1 (fsh)
Debian Security Advisory DSA 1063-1 (phpgroupware)
Debian Security Advisory DSA 1083-1 (motor)
Debian Security Advisory DSA 047-1 (various kernel packages)
Debian Security Advisory DSA 1011-1 (kernel-patch-vserver, util-vserver)

Debian Security Advisory DSA 2844-1 (djvulibre - arbitrary code execution)

Take action and discover your vulnerabilities