Aggregates CVE and security vulnerability intelligence across all djvulibre_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve buffer overflows, memory corruption and related security problems, affecting software deployments and production workloads.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-46312 | An issue was discovered in IW44EncodeCodec.cpp in djvulibre 3.5.28 that allows attackers to cause a denial of service via divide by zero. | [email protected] | 6.5 | 0.87% | 2023-08-22 | 2026-06-17 |
| CVE-2021-46310 | An issue was discovered in IW44Image.cpp in djvulibre 3.5.28 that allows attackers to cause a denial of service via divide by zero. | [email protected] | 6.5 | 0.86% | 2023-08-22 | 2026-06-17 |
| CVE-2021-3630 | An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. This flaw affects DjVuLibre versions prior to 3.5.28. | [email protected] | 5.5 | 1.05% | 2021-06-30 | 2026-06-17 |
| CVE-2021-3500 | A flaw was found in djvulibre-3.5.28 and earlier. A stack overflow in function DJVU::DjVuDocument::get_djvu_file() via crafted djvu file may lead to application crash and other consequences. | [email protected] | 7.8 | 0.94% | 2021-06-24 | 2026-06-17 |
| CVE-2021-32493 | A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode() via crafted djvu file may lead to application crash and other consequences. | [email protected] | 7.8 | 1.00% | 2021-06-24 | 2026-06-16 |
| CVE-2021-32492 | A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds read in function DJVU::DataPool::has_data() via crafted djvu file may lead to application crash and other consequences. | [email protected] | 7.8 | 0.93% | 2021-06-24 | 2026-06-16 |
| CVE-2021-32491 | A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow in function render() in tools/ddjvu via crafted djvu file may lead to application crash and other consequences. | [email protected] | 7.8 | 0.88% | 2021-06-24 | 2026-06-16 |
| CVE-2021-32490 | A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds write in function DJVU::filter_bv() via crafted djvu file may lead to application crash and other consequences. | [email protected] | 7.8 | 0.91% | 2021-06-24 | 2026-06-16 |
| CVE-2019-18804 | DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp. | [email protected] | 7.5 | 3.67% | 2019-11-07 | 2026-06-16 |
| CVE-2019-15145 | DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h. | [email protected] | 5.5 | 1.57% | 2019-08-18 | 2026-06-16 |
| CVE-2019-15144 | In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled in libdjvu/GContainer.h. | [email protected] | 5.5 | 1.77% | 2019-08-18 | 2026-06-16 |
| CVE-2019-15143 | In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp. | [email protected] | 5.5 | 1.71% | 2019-08-18 | 2026-06-16 |
| CVE-2019-15142 | In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a DJVU file. | [email protected] | 5.5 | 1.85% | 2019-08-18 | 2026-06-16 |
| CVE-2012-6535 | DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDroid, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DjVu (aka .djv) file. | [email protected] | 9.3 | 4.64% | 2013-12-02 | 2026-06-16 |