{"affected":[{"ecosystem_specific":{"binaries":[{"djvulibre":"3.5.27-11.3.1","djvulibre-doc":"3.5.27-11.3.1","libdjvulibre-devel":"3.5.27-11.3.1","libdjvulibre21":"3.5.27-11.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"djvulibre","purl":"pkg:rpm/opensuse/djvulibre&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.5.27-11.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for djvulibre fixes the following issues:\n\n- CVE-2021-32490 [bsc#1185895]: Out of bounds write in function DJVU:filter_bv() via crafted djvu file\n- CVE-2021-32491 [bsc#1185900]: Integer overflow in function render() in tools/ddjvu via crafted djvu file\n- CVE-2021-32492 [bsc#1185904]: Out of bounds read in function DJVU:DataPool:has_data() via crafted djvu file\n- CVE-2021-32493 [bsc#1185905]: Heap buffer overflow in function DJVU:GBitmap:decode() via crafted djvu file\n","id":"openSUSE-SU-2021:1641-1","modified":"2021-07-11T06:27:04Z","published":"2021-07-11T06:27:04Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JR6UIBZP5PP63ZY663PXBSRRCYNCGVJV/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1185895"},{"type":"REPORT","url":"https://bugzilla.suse.com/1185900"},{"type":"REPORT","url":"https://bugzilla.suse.com/1185904"},{"type":"REPORT","url":"https://bugzilla.suse.com/1185905"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-32490"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-32491"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-32492"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-32493"}],"related":["CVE-2021-32490","CVE-2021-32491","CVE-2021-32492","CVE-2021-32493"],"summary":"Security update for djvulibre","upstream":["CVE-2021-32490","CVE-2021-32491","CVE-2021-32492","CVE-2021-32493"]}