vulnerability

Debian: CVE-2025-53367: djvulibre -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:M/Au:N/C:C/I:C/A:C)	Jul 3, 2025	Jul 7, 2025	Jan 16, 2026

Severity

CVSS

(AV:L/AC:M/Au:N/C:C/I:C/A:C)

Published

Jul 3, 2025

Added

Jul 7, 2025

Modified

Jan 16, 2026

Description

DjVuLibre is a GPL implementation of DjVu, a web-centric format for distributing documents and images. Prior to version 3.5.29, the MMRDecoder::scanruns method is affected by an OOB-write vulnerability, because it does not check that the xr pointer stays within the bounds of the allocated buffer. This can lead to writes beyond the allocated memory, resulting in a heap corruption condition. An out-of-bounds read with pr is also possible for the same reason. This issue has been patched in version 3.5.29.

Solution

debian-upgrade-djvulibre

References

CVE-2025-53367
https://attackerkb.com/topics/CVE-2025-53367
CWE-125
CWE-787
DEBIAN-DSA-5960-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today