djvulibre_project CVE Vulnerabilities & Metrics

Focus on djvulibre_project vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About djvulibre_project Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with djvulibre_project. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

Global CVE Overview

Total djvulibre_project CVEs: 13
Earliest CVE date: 02 Dec 2013, 22:55 UTC
Latest CVE date: 22 Aug 2023, 19:16 UTC

Latest CVE reference: CVE-2021-46312

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -100.0%

[Charts not preserved: Monthly CVE Trends (current vs previous year); Annual CVE Trends (last 20 years); Critical djvulibre_project CVEs (CVSS ≥ 9) over 20 years]

CVSS Stats

Average CVSS: 4.99

Max CVSS: 9.3

Critical CVEs (≥9): 1

CVSS Range vs. Count

Range Count
0.0-3.9 2
4.0-6.9 11
7.0-8.9 0
9.0-10.0 1

[Chart not preserved: CVSS Distribution]

Top 5 Highest CVSS djvulibre_project CVEs

These are the five CVEs with the highest CVSS scores for djvulibre_project, sorted first by severity, then by recency.

All CVEs for djvulibre_project

An issue was discovered in IW44EncodeCodec.cpp in djvulibre 3.5.28 that allows attackers to cause a denial of service via a divide-by-zero.

An issue was discovered in IW44Image.cpp in djvulibre 3.5.28 that allows attackers to cause a denial of service via a divide-by-zero.

CVE-2021-3630 djvulibre_project vulnerability CVSS: 4.3 30 Jun 2021, 14:15 UTC

An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. This flaw affects DjVuLibre versions prior to 3.5.28.

CVE-2021-3500 djvulibre_project vulnerability CVSS: 6.8 24 Jun 2021, 19:15 UTC

A flaw was found in djvulibre-3.5.28 and earlier. A stack overflow in function DJVU::DjVuDocument::get_djvu_file() via a crafted djvu file may lead to application crash and other consequences.

CVE-2021-32493 djvulibre_project vulnerability CVSS: 6.8 24 Jun 2021, 19:15 UTC

A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode() via crafted djvu file may lead to application crash and other consequences.

CVE-2021-32492 djvulibre_project vulnerability CVSS: 6.8 24 Jun 2021, 19:15 UTC

A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds read in function DJVU::DataPool::has_data() via crafted djvu file may lead to application crash and other consequences.

CVE-2021-32491 djvulibre_project vulnerability CVSS: 6.8 24 Jun 2021, 19:15 UTC

A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow in function render() in tools/ddjvu via crafted djvu file may lead to application crash and other consequences.

CVE-2021-32490 djvulibre_project vulnerability CVSS: 6.8 24 Jun 2021, 19:15 UTC

A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds write in function DJVU::filter_bv() via crafted djvu file may lead to application crash and other consequences.

CVE-2019-18804 djvulibre_project vulnerability CVSS: 5.0 07 Nov 2019, 06:15 UTC

DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp.

CVE-2019-15145 djvulibre_project vulnerability CVSS: 4.3 18 Aug 2019, 19:15 UTC

DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h.

CVE-2019-15144 djvulibre_project vulnerability CVSS: 4.3 18 Aug 2019, 19:15 UTC

In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled in libdjvu/GContainer.h.

CVE-2019-15143 djvulibre_project vulnerability CVSS: 4.3 18 Aug 2019, 19:15 UTC

In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp.

CVE-2019-15142 djvulibre_project vulnerability CVSS: 4.3 18 Aug 2019, 19:15 UTC

In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a DJVU file.

CVE-2012-6535 djvulibre_project vulnerability CVSS: 9.3 02 Dec 2013, 22:55 UTC

DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDroid, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DjVu (aka .djv) file.