CVE Vulnerabilities

CVE-2019-15143

Loop with Unreachable Exit Condition ('Infinite Loop')

Published: Aug 18, 2019 | Modified: Nov 07, 2023
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu
LOW

In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp.

Weakness

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Software

Name Vendor Start Version End Version
Djvulibre Djvulibre_project 3.5.27 (including) 3.5.27 (including)
Djvulibre Ubuntu bionic *
Djvulibre Ubuntu disco *
Djvulibre Ubuntu esm-infra/bionic *
Djvulibre Ubuntu esm-infra/xenial *
Djvulibre Ubuntu trusty *
Djvulibre Ubuntu upstream *
Djvulibre Ubuntu xenial *

References