CVE-2021-46310

Name	CVE-2021-46310
Description	An issue was discovered IW44Image.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs	1052668

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
djvulibre (PTS)	jessie, jessie (lts)	3.5.25.4-4+deb8u4	fixed
	stretch (security), stretch (lts), stretch	3.5.27.1-7+deb9u2	fixed
	buster (security), buster, buster (lts)	3.5.27.1-10+deb10u1	vulnerable
	sid, bullseye, trixie, bookworm	3.5.28-2	vulnerable

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Debian Bugs
djvulibre	source	jessie	(not affected)
djvulibre	source	stretch	(not affected)
djvulibre	source	(unstable)	(unfixed)	1052668

Notes

[bookworm] - djvulibre <ignored> (Minor issue)
[bullseye] - djvulibre <no-dsa> (Minor issue)
[buster] - djvulibre <no-dsa> (Minor issue)
https://sourceforge.net/p/djvu/bugs/345/
https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/
[stretch] - djvulibre <not-affected> (The vulnerable code was introduced later)
[jessie] - djvulibre <not-affected> (The vulnerable code was introduced later)