Debian 10263 Published by

A djvulibre security update has been released for Debian GNU/Linux 8 Extended LTS to address an out-of-bounds write vulnerability.



ELA-454-1 djvulibre security update

Package djvulibre
Version 3.5.25.4-4+deb8u4
Related CVEs CVE-2021-3630

An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault.

For Debian 8 jessie, these problems have been fixed in version 3.5.25.4-4+deb8u4.

We recommend that you upgrade your djvulibre packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-454-1 djvulibre security update