DjVuLibre 3.5.27 NULL Pointer Dereference Vulnerability

Summary

DjVu is a web-centric format for distributing documents and images. DjVu was created at AT&T Labs-Research and later sold to LizardTech Inc. DjVuLibre is a GPL implementation of DjVu maintained by the original inventors of DjVu.

Credit:

The information has been provided by Vendor

The original article can be found at:https://sourceforge.net/p/djvu/bugs/309/

 


Details

DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp.

 

Vulnerable Systems:

DjVuLibre 3.5.27 

 

CVE Information:

CVE-2019-18804

Disclosure Timeline:
Published Date:11/7/2019