Debian 10260 Published by

A djvulibre security update has been released for Debian GNU/Linux 8 Extended LTS to address several vulnerabilities.



ELA-434-1 djvulibre security update

Package djvulibre
Version 3.5.25.4-4+deb8u3
Related CVEs CVE-2021-3500 CVE-2021-32490 CVE-2021-32491 CVE-2021-32492 CVE-2021-32493

Several vulnerabilities were discovered in djvulibre, a library and set of tools to handle documents in the DjVu format. An attacker could crash document viewers and possibly execute arbitrary code through crafted DjVu files.

For Debian 8 jessie, these problems have been fixed in version 3.5.25.4-4+deb8u3.

We recommend that you upgrade your djvulibre packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-434-1 djvulibre security update