A djvulibre security update has been released for Debian GNU/Linux 8 LTS

Package : djvulibre
Version : 3.5.25.4-4+deb8u2
CVE ID : CVE-2019-18804

It was discovered that there was a NULL pointer dereference issue in the IW44 encoder/decoder within DjVu, a set of compression technologies for high-resolution ssues.

For Debian 8 "Jessie", this issue has been fixed in djvulibre version 3.5.25.4-4+deb8u2.

We recommend that you upgrade your djvulibre packages.