{"affected":[{"ecosystem_specific":{"binaries":[{"libdjvulibre-devel":"3.5.27-3.3.1","libdjvulibre21":"3.5.27-3.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Desktop Applications 15","name":"djvulibre","purl":"pkg:rpm/suse/djvulibre&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.5.27-3.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libdjvulibre-devel":"3.5.27-3.3.1","libdjvulibre21":"3.5.27-3.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Desktop Applications 15 SP1","name":"djvulibre","purl":"pkg:rpm/suse/djvulibre&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.5.27-3.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"djvulibre":"3.5.27-3.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15","name":"djvulibre","purl":"pkg:rpm/suse/djvulibre&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.5.27-3.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for djvulibre fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-15142: Fixed heap-based buffer over-read (bsc#1146702).\n- CVE-2019-15143: Fixed resource exhaustion caused by corrupted image files (bsc#1146569).\n- CVE-2019-15144: Fixed denial-of-service caused by crafted PBM image files (bsc#1146571).\n- CVE-2019-15145: Fixed out-of-bounds read caused by corrupted JB2 image files (bsc#1146572).\n- Fixed segfault when libtiff encounters corrupted TIFF (upstream issue #295).\n","id":"SUSE-SU-2019:2452-1","modified":"2019-09-24T14:45:53Z","published":"2019-09-24T14:45:53Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2019/suse-su-20192452-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1146569"},{"type":"REPORT","url":"https://bugzilla.suse.com/1146571"},{"type":"REPORT","url":"https://bugzilla.suse.com/1146572"},{"type":"REPORT","url":"https://bugzilla.suse.com/1146702"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-15142"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-15143"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-15144"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-15145"}],"related":["CVE-2019-15142","CVE-2019-15143","CVE-2019-15144","CVE-2019-15145"],"summary":"Security update for djvulibre","upstream":["CVE-2019-15142","CVE-2019-15143","CVE-2019-15144","CVE-2019-15145"]}