CVE-2012-6535
Published: 2 December 2013
DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDroid, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DjVu (aka .djv) file.
Priority
Status
Package | Release | Status |
---|---|---|
djvulibre Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Released
(3.5.24-9ubuntu0.1)
|
|
quantal |
Not vulnerable
(3.5.25.3-1ubuntu1)
|
|
raring |
Not vulnerable
|
|
saucy |
Not vulnerable
|
|
upstream |
Released
(3.5.25.3-1)
|
|
Patches: upstream: http://sourceforge.net/p/djvu/djvulibre-git/ci/d4f0f6d37fe6a1fb427cfa33a64ead1eff32d28e/ |