CVE-2021-46310: 
NixOS vulnerability analysis and mitigation

CVE-2021-46310 is a vulnerability discovered in djvulibre version 3.5.28, specifically in the IW44Image.cpp file. The vulnerability allows attackers to cause a denial of service through a divide-by-zero error (NVD, CVE). The issue was initially reported in January 2022 and affects the image processing functionality of the software.

The vulnerability exists in the IW44Image::Map::image function within IW44Image.cpp. The issue occurs during image size calculation where a division operation can be performed with a zero divisor, leading to an arithmetic exception. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (NVD).

When successfully exploited, this vulnerability can cause the application to crash through a divide-by-zero error, resulting in a denial of service condition. This affects the availability of the DjVu document processing capabilities (Sourceforge Bug).

Patches have been released to address this vulnerability. The fix involves adding a check for zero-size images before performing the division operation. Updates are available in newer package versions for various distributions including Fedora 38, 39, and 40 (Fedora Update).