![]() Any file format can be exploited, even ones you don't expect. In fact, they usually skip files that are not executable. They do not necessarily contain any tell-tale signs such as visible embedded scripts or suspicious strings, and antivirus will rarely be able to detect them. Unfortunately, it is not possible to manually detect a malicious file of this sort. The CVE details page gives some general information about its impact:ÄjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDroid, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DjVu (aka. ![]() The vulnerability, as reported by Microsoft, was a memory corruption bug that allowed for code execution. A historical example is CVE-2012-6535, which affected the popular DjVuLibre library, used by many document viewers. ![]() Many viewers use the same library, making a vulnerability in a single library relevant to large number of viewers. While, as others have mentioned, it is designed not to have any executable code, a vulnerability in a DjVu parser can be used to exploit the viewer. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |