PT-2025-27837 · Djvulibre+6

Published 2025-07-01 · Updated 2026-02-23 · CVE-2025-53367

CVSS v4.0: 8.4 (High)
Vector: AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

DjVuLibre versions prior to 3.5.29
djvulibre versions prior to 3.5.28-2.1~deb12u1
mingw-djvulibre version 3.5.29
djview versions prior to 3.5.28-2ubuntu0.25.04.1
djview3 versions prior to 3.5.28-2ubuntu0.25.04.1
djvulibre-bin versions prior to 3.5.28-2ubuntu0.25.04.1
djvulibre-desktop versions prior to 3.5.28-2ubuntu0.25.04.1
djvuserve versions prior to 3.5.28-2ubuntu0.25.04.1
libdjvulibre-dev versions prior to 3.5.28-2ubuntu0.25.04.1
libdjvulibre-text versions prior to 3.5.28-2ubuntu0.25.04.1
libdjvulibre21 versions prior to 3.5.28-2ubuntu0.25.04.1

Description

DjVuLibre is susceptible to an out-of-bounds write vulnerability within the MMRDecoder::scanruns method. This occurs because the code does not validate that the xr pointer remains within the allocated buffer boundaries. This can lead to memory corruption and potentially allow for remote code execution when processing specially crafted DjVu documents. The vulnerability can also result in out-of-bounds reads. The issue affects systems using DjVuLibre, including those that automatically detect DjVu documents with a .pdf extension, such as Evince and Papers.

Recommendations

Update to DjVuLibre version 3.5.29 or later.
Update djvulibre to version 3.5.28-2.1~deb12u1 or later.
Update mingw-djvulibre to version 3.5.29 or later.
Update djview to version 3.5.28-2ubuntu0.25.04.1 or later.
Update djview3 to version 3.5.28-2ubuntu0.25.04.1 or later.
Update djvulibre-bin to version 3.5.28-2ubuntu0.25.04.1 or later.
Update djvulibre-desktop to version 3.5.28-2ubuntu0.25.04.1 or later.
Update djvuserve to version 3.5.28-2ubuntu0.25.04.1 or later.
Update libdjvulibre-dev to version 3.5.28-2ubuntu0.25.04.1 or later.
Update libdjvulibre-text to version 3.5.28-2ubuntu0.25.04.1 or later.
Update libdjvulibre21 to version 3.5.28-2ubuntu0.25.04.1 or later.
Run sudo pro fix USN-7631-1 to fix the vulnerability.
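A constructed C model of the unchecked-pointer pattern the description attributes to MMRDecoder::scanruns, added here as an example. It is not DjVuLibre's code: the function names, buffer sizes and sample rows are assumptions, and the point is the bound on xr that a hardened row decoder must enforce.

```c
#include <stddef.h>

/* Constructed model (assumption, not DjVuLibre's own code) of the pattern
 * the advisory describes: a T.6/MMR row decoder appends the column of each
 * colour transition through a pointer `xr` into a fixed-size row buffer. */

#define ROW_TRUNCATED -1   /* input ended before the row reached `width` */
#define ROW_OVERFLOW  -2   /* more transitions than `xr` can hold */

/* Decode `n_runs` run lengths into `xr` (capacity `cap` entries).
 * Returns the number of transitions written, or a negative status.
 * The `p >= xr_end` test is the bound the advisory says the unpatched
 * code lacked. Zero-length runs (legal in MMR) add transitions without
 * advancing the column, so checking the column alone is not enough. */
int decode_row_checked(const unsigned short *runs, size_t n_runs,
                       unsigned short *xr, size_t cap, unsigned short width)
{
    unsigned short *p = xr;
    unsigned short *xr_end = xr + cap;
    unsigned int col = 0;
    for (size_t i = 0; i < n_runs; i++) {
        col += runs[i];
        if (col > width)  return ROW_OVERFLOW;  /* run extends past the row */
        if (p >= xr_end)  return ROW_OVERFLOW;  /* xr would leave the buffer */
        *p++ = (unsigned short)col;
        if (col == width) return (int)(p - xr);
    }
    return ROW_TRUNCATED;
}

/* Constructed sample rows: a 10-pixel-wide image with an 8-entry buffer. */
int demo_valid_row(void)        /* 3+5+2 = 10: three transitions written */
{
    unsigned short runs[] = {3, 5, 2}, xr[8];
    return decode_row_checked(runs, 3, xr, 8, 10);
}
int demo_zero_run_flood(void)   /* twelve zero-length runs: xr would overrun */
{
    unsigned short runs[12] = {0}, xr[8];
    return decode_row_checked(runs, 12, xr, 8, 10);
}
int demo_truncated_row(void)    /* 3+5 = 8 < 10: the row never completes */
{
    unsigned short runs[] = {3, 5}, xr[8];
    return decode_row_checked(runs, 2, xr, 8, 10);
}
```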

Tags: Exploit · Fix · RCE · Out-of-bounds Read · Memory Corruption

Related Identifiers

BDU:2025-11247
CVE-2025-53367
DLA-4247-1
DSA-5960-1
MGASA-2025-0209
OESA-2025-1756
OPENSUSE-SU-2025:15319-1
SUSE-SU-2025:02695-1
SUSE-SU-2025:02703-1
SUSE-SU-2025_02695-1
SUSE-SU-2025_02703-1
USN-7631-1
USN-8054-1

Affected Products

Astra Linux
Debian
Djvulibre
Linuxmint
Red Os
Suse
Ubuntu