CVE-2012-6535

DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDroid, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DjVu (aka .djv) file.

Published: Dec 2, 2013
Updated: Nov 9, 2025
CVE: CVE-2012-6535
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
djvulibre_project / djvulibre	3.5.15	3.5.15.x
djvulibre_project / djvulibre	3.5.19	3.5.19.x
djvulibre_project / djvulibre	3.5.5	3.5.5.x
djvulibre_project / djvulibre	3.5.3	3.5.3.x
djvulibre_project / djvulibre	3.5.21	3.5.21.x
djvulibre_project / djvulibre	3.5.23	3.5.23.x
djvulibre_project / djvulibre	3.5.18	3.5.18.x
djvulibre_project / djvulibre	3.5.12	3.5.12.x
djvulibre_project / djvulibre	3.5.2	3.5.2.x
djvulibre_project / djvulibre	3.5.9	3.5.9.x
djvulibre_project / djvulibre	3.5.20	3.5.20.x
djvulibre_project / djvulibre	3.5.16	3.5.16.x
djvulibre_project / djvulibre	3.5.13	3.5.13.x
djvulibre_project / djvulibre	3.5.22	3.5.22.x
djvulibre_project / djvulibre	3.5.4	3.5.4.x
djvulibre_project / djvulibre	3.5.1	3.5.1.x
djvulibre_project / djvulibre	3.5.6	3.5.6.x
djvulibre_project / djvulibre	3.5.24	3.5.24.x
djvulibre_project / djvulibre	3.5.14	3.5.14.x
djvulibre_project / djvulibre	3.5.11	3.5.11.x
djvulibre_project / djvulibre	3.5.10	3.5.10.x
djvulibre_project / djvulibre	3.5.8	3.5.8.x
djvulibre_project / djvulibre	3.5.7	3.5.7.x
djvulibre_project / djvulibre	3.5.17	3.5.17.x
djvulibre_project / djvulibre	-	3.5.25.x

Vulnerability Database

300,214

CVE-2012-6535

Deep Security Visibility Without the Complexity