DjVuLibre '.djv' File CVE-2012-6535 Remote Memory Corruption Vulnerability

Bugtraq ID:	58610
Class:	Unknown
CVE:	CVE-2012-6535
Remote:	Yes
Local:	No
Published:	Mar 19 2013 12:00AM
Updated:	Feb 17 2014 07:07PM
Credit:	Jeremy Brown of Microsoft
Vulnerable:	Ubuntu Ubuntu Linux 12.04 LTS i386 Ubuntu Ubuntu Linux 12.04 LTS amd64 Gentoo Linux Debian Linux 6.0 sparc Debian Linux 6.0 s/390 Debian Linux 6.0 powerpc Debian Linux 6.0 mips Debian Linux 6.0 ia-64 Debian Linux 6.0 ia-32 Debian Linux 6.0 arm Debian Linux 6.0 amd64
Not Vulnerable:

DjVuLibre '.djv' File CVE-2012-6535 Remote Memory Corruption Vulnerability

DjVuLibre is prone to a remote memory-corruption vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.

DjVuLibre versions 3.5.25 and prior are vulnerable.

DjVuLibre '.djv' File CVE-2012-6535 Remote Memory Corruption Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

DjVuLibre '.djv' File CVE-2012-6535 Remote Memory Corruption Vulnerability

Solution:
The vendor has released an advisory and updates. Please see the referenced advisory for details.

DjVuLibre '.djv' File CVE-2012-6535 Remote Memory Corruption Vulnerability

References:

• Microsoft Homepage (Microsoft)