{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66054?format=json","vulnerability_id":"VCID-y1y5-wb9u-nbcy","summary":"DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h.","aliases":[{"alias":"CVE-2019-15145"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516114?format=json","purl":"pkg:deb/debian/djvulibre@3.5.27.1-10%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-767v-zxkq-u7gu"},{"vulnerability":"VCID-7f98-tf9f-nyf4"},{"vulnerability":"VCID-9qhc-tu8d-qbeb"},{"vulnerability":"VCID-bjwf-6vk3-efae"},{"vulnerability":"VCID-c5th-85fp-skce"},{"vulnerability":"VCID-j27m-29xr-wufr"},{"vulnerability":"VCID-j2ku-y7v5-63ft"},{"vulnerability":"VCID-jdkx-sk29-efgx"},{"vulnerability":"VCID-npba-tcst-u3gt"},{"vulnerability":"VCID-rd2d-serg-fbd5"},{"vulnerability":"VCID-xsn6-xrtn-ekb1"},{"vulnerability":"VCID-y1y5-wb9u-nbcy"},{"vulnerability":"VCID-z2vk-gct4-jqfa"},{"vulnerability":"VCID-zmcy-9cv5-wued"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/djvulibre@3.5.27.1-10%252Bdeb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/92898?format=json","purl":"pkg:deb/debian/djvulibre@3.5.27.1-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/djvulibre@3.5.27.1-11%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/518338?format=json","purl":"pkg:deb/debian/djvulibre@3.5.28-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9qhc-tu8d-qbeb"},{"vulnerability":"VCID-j2ku-y7v5-63ft"},{"vulnerability":"VCID-z2vk-gct4-jqfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/djvulibre@3.5.28-2"},{"url":"http://public2.vulnerablecode.io/api/packages/92895?format=json","purl":"pkg:deb/debian/djvulibre@3.5.28-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/djvulibre@3.5.28-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92893?format=json","purl":"pkg:deb/debian/djvulibre@3.5.28-2.2~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/djvulibre@3.5.28-2.2~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92897?format=json","purl":"pkg:deb/debian/djvulibre@3.5.28-2.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/djvulibre@3.5.28-2.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92896?format=json","purl":"pkg:deb/debian/djvulibre@3.5.30-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/djvulibre@3.5.30-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/194089?format=json","purl":"pkg:ebuild/app-text/djvu@3.5.27-r2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-text/djvu@3.5.27-r2"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516107?format=json","purl":"pkg:deb/debian/djvulibre@3.5.14-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-41g1-z9qf-wkd6"},{"vulnerability":"VCID-767v-zxkq-u7gu"},{"vulnerability":"VCID-7f98-tf9f-nyf4"},{"vulnerability":"VCID-9qhc-tu8d-qbeb"},{"vulnerability":"VCID-bjwf-6vk3-efae"},{"vulnerability":"VCID-c5th-85fp-skce"},{"vulnerability":"VCID-j27m-29xr-wufr"},{"vulnerability":"VCID-j2ku-y7v5-63ft"},{"vulnerability":"VCID-jdkx-sk29-efgx"},{"vulnerability":"VCID-npba-tcst-u3gt"},{"vulnerability":"VCID-rd2d-serg-fbd5"},{"vulnerability":"VCID-xsn6-xrtn-ekb1"},{"vulnerability":"VCID-y1y5-wb9u-nbcy"},{"vulnerability":"VCID-z2vk-gct4-jqfa"},{"vulnerability":"VCID-zmcy-9cv5-wued"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/djvulibre@3.5.14-2"},{"url":"http://public2.vulnerablecode.io/api/packages/516108?format=json","purl":"pkg:deb/debian/djvulibre@3.5.17-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-41g1-z9qf-wkd6"},{"vulnerability":"VCID-767v-zxkq-u7gu"},{"vulnerability":"VCID-7f98-tf9f-nyf4"},{"vulnerability":"VCID-9qhc-tu8d-qbeb"},{"vulnerability":"VCID-bjwf-6vk3-efae"},{"vulnerability":"VCID-c5th-85fp-skce"},{"vulnerability":"VCID-j27m-29xr-wufr"},{"vulnerability":"VCID-j2ku-y7v5-63ft"},{"vulnerability":"VCID-jdkx-sk29-efgx"},{"vulnerability":"VCID-npba-tcst-u3gt"},{"vulnerability":"VCID-rd2d-serg-fbd5"},{"vulnerability":"VCID-xsn6-xrtn-ekb1"},{"vulnerability":"VCID-y1y5-wb9u-nbcy"},{"vulnerability":"VCID-z2vk-gct4-jqfa"},{"vulnerability":"VCID-zmcy-9cv5-wued"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/djvulibre@3.5.17-3"},{"url":"http://public2.vulnerablecode.io/api/packages/516109?format=json","purl":"pkg:deb/debian/djvulibre@3.5.20-8%2Blenny1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-41g1-z9qf-wkd6"},{"vulnerability":"VCID-767v-zxkq-u7gu"},{"vulnerability":"VCID-7f98-tf9f-nyf4"},{"vulnerability":"VCID-9qhc-tu8d-qbeb"},{"vulnerability":"VCID-bjwf-6vk3-efae"},{"vulnerability":"VCID-c5th-85fp-skce"},{"vulnerability":"VCID-j27m-29xr-wufr"},{"vulnerability":"VCID-j2ku-y7v5-63ft"},{"vulnerability":"VCID-jdkx-sk29-efgx"},{"vulnerability":"VCID-npba-tcst-u3gt"},{"vulnerability":"VCID-rd2d-serg-fbd5"},{"vulnerability":"VCID-xsn6-xrtn-ekb1"},{"vulnerability":"VCID-y1y5-wb9u-nbcy"},{"vulnerability":"VCID-z2vk-gct4-jqfa"},{"vulnerability":"VCID-zmcy-9cv5-wued"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/djvulibre@3.5.20-8%252Blenny1"},{"url":"http://public2.vulnerablecode.io/api/packages/516110?format=json","purl":"pkg:deb/debian/djvulibre@3.5.23-3%2Bsqueeze1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-41g1-z9qf-wkd6"},{"vulnerability":"VCID-767v-zxkq-u7gu"},{"vulnerability":"VCID-7f98-tf9f-nyf4"},{"vulnerability":"VCID-9qhc-tu8d-qbeb"},{"vulnerability":"VCID-bjwf-6vk3-efae"},{"vulnerability":"VCID-c5th-85fp-skce"},{"vulnerability":"VCID-j27m-29xr-wufr"},{"vulnerability":"VCID-j2ku-y7v5-63ft"},{"vulnerability":"VCID-jdkx-sk29-efgx"},{"vulnerability":"VCID-npba-tcst-u3gt"},{"vulnerability":"VCID-rd2d-serg-fbd5"},{"vulnerability":"VCID-xsn6-xrtn-ekb1"},{"vulnerability":"VCID-y1y5-wb9u-nbcy"},{"vulnerability":"VCID-z2vk-gct4-jqfa"},{"vulnerability":"VCID-zmcy-9cv5-wued"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/djvulibre@3.5.23-3%252Bsqueeze1"},{"url":"http://public2.vulnerablecode.io/api/packages/516111?format=json","purl":"pkg:deb/debian/djvulibre@3.5.25.3-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-767v-zxkq-u7gu"},{"vulnerability":"VCID-7f98-tf9f-nyf4"},{"vulnerability":"VCID-9qhc-tu8d-qbeb"},{"vulnerability":"VCID-bjwf-6vk3-efae"},{"vulnerability":"VCID-c5th-85fp-skce"},{"vulnerability":"VCID-j27m-29xr-wufr"},{"vulnerability":"VCID-j2ku-y7v5-63ft"},{"vulnerability":"VCID-jdkx-sk29-efgx"},{"vulnerability":"VCID-npba-tcst-u3gt"},{"vulnerability":"VCID-rd2d-serg-fbd5"},{"vulnerability":"VCID-xsn6-xrtn-ekb1"},{"vulnerability":"VCID-y1y5-wb9u-nbcy"},{"vulnerability":"VCID-z2vk-gct4-jqfa"},{"vulnerability":"VCID-zmcy-9cv5-wued"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/djvulibre@3.5.25.3-1"},{"url":"http://public2.vulnerablecode.io/api/packages/516112?format=json","purl":"pkg:deb/debian/djvulibre@3.5.25.4-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-767v-zxkq-u7gu"},{"vulnerability":"VCID-7f98-tf9f-nyf4"},{"vulnerability":"VCID-9qhc-tu8d-qbeb"},{"vulnerability":"VCID-bjwf-6vk3-efae"},{"vulnerability":"VCID-c5th-85fp-skce"},{"vulnerability":"VCID-j27m-29xr-wufr"},{"vulnerability":"VCID-j2ku-y7v5-63ft"},{"vulnerability":"VCID-jdkx-sk29-efgx"},{"vulnerability":"VCID-npba-tcst-u3gt"},{"vulnerability":"VCID-rd2d-serg-fbd5"},{"vulnerability":"VCID-xsn6-xrtn-ekb1"},{"vulnerability":"VCID-y1y5-wb9u-nbcy"},{"vulnerability":"VCID-z2vk-gct4-jqfa"},{"vulnerability":"VCID-zmcy-9cv5-wued"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/djvulibre@3.5.25.4-4"},{"url":"http://public2.vulnerablecode.io/api/packages/516113?format=json","purl":"pkg:deb/debian/djvulibre@3.5.27.1-7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-767v-zxkq-u7gu"},{"vulnerability":"VCID-7f98-tf9f-nyf4"},{"vulnerability":"VCID-9qhc-tu8d-qbeb"},{"vulnerability":"VCID-bjwf-6vk3-efae"},{"vulnerability":"VCID-c5th-85fp-skce"},{"vulnerability":"VCID-j27m-29xr-wufr"},{"vulnerability":"VCID-j2ku-y7v5-63ft"},{"vulnerability":"VCID-jdkx-sk29-efgx"},{"vulnerability":"VCID-npba-tcst-u3gt"},{"vulnerability":"VCID-rd2d-serg-fbd5"},{"vulnerability":"VCID-xsn6-xrtn-ekb1"},{"vulnerability":"VCID-y1y5-wb9u-nbcy"},{"vulnerability":"VCID-z2vk-gct4-jqfa"},{"vulnerability":"VCID-zmcy-9cv5-wued"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/djvulibre@3.5.27.1-7"},{"url":"http://public2.vulnerablecode.io/api/packages/516114?format=json","purl":"pkg:deb/debian/djvulibre@3.5.27.1-10%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-767v-zxkq-u7gu"},{"vulnerability":"VCID-7f98-tf9f-nyf4"},{"vulnerability":"VCID-9qhc-tu8d-qbeb"},{"vulnerability":"VCID-bjwf-6vk3-efae"},{"vulnerability":"VCID-c5th-85fp-skce"},{"vulnerability":"VCID-j27m-29xr-wufr"},{"vulnerability":"VCID-j2ku-y7v5-63ft"},{"vulnerability":"VCID-jdkx-sk29-efgx"},{"vulnerability":"VCID-npba-tcst-u3gt"},{"vulnerability":"VCID-rd2d-serg-fbd5"},{"vulnerability":"VCID-xsn6-xrtn-ekb1"},{"vulnerability":"VCID-y1y5-wb9u-nbcy"},{"vulnerability":"VCID-z2vk-gct4-jqfa"},{"vulnerability":"VCID-zmcy-9cv5-wued"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/djvulibre@3.5.27.1-10%252Bdeb10u1"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15145","reference_id":"","reference_type":"","scores":[{"value":"0.0046","scoring_system":"epss","scoring_elements":"0.6448","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0046","scoring_system":"epss","scoring_elements":"0.64478","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0046","scoring_system":"epss","scoring_elements":"0.64471","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0046","scoring_system":"epss","scoring_elements":"0.64428","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0046","scoring_system":"epss","scoring_elements":"0.64468","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0046","scoring_system":"epss","scoring_elements":"0.64457","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15145"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15142","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15142"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15143","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15143"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15144","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15144"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15145","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15145"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32490","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32490"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32492","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32492"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32493","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32493"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3630","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3630"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/202007-36","reference_id":"GLSA-202007-36","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-36"},{"reference_url":"https://usn.ubuntu.com/4198-1/","reference_id":"USN-4198-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4198-1/"}],"weaknesses":[],"exploits":[],"severity_range_score":"5.5 - 5.5","exploitability":"0.5","weighted_severity":"2.8","risk_score":1.4,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y1y5-wb9u-nbcy"}