CVE-2012-6535
djvulibre - arbitrary code execution
EPSS 5.4%
Description
DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDroid, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DjVu (aka .djv) file.
How to fix CVE-2012-6535
To remediate CVE-2012-6535, upgrade the affected package to a fixed version below.
- Debian/djvulibre—upgrade to 3.5.25.3-1 or later
- Debian/djvulibre—upgrade to 3.5.23-3+squeeze1 or later
Is CVE-2012-6535 being exploited?
Moderate: EPSS is 5.4%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (2)
- Debian/djvulibre: from 0, < 3.5.25.3-1
- Debian/djvulibre: from 0, < 3.5.23-3+squeeze1