Home

CVE-2025-53367

Description

DjVuLibre is a GPL implementation of DjVu, a web-centric format for distributing documents and images. Prior to version 3.5.29, the MMRDecoder::scanruns method is affected by an OOB-write vulnerability, because it does not check that the xr pointer stays within the bounds of the allocated buffer. This can lead to writes beyond the allocated memory, resulting in a heap corruption condition. An out-of-bounds read with pr is also possible for the same reason. This issue has been patched in version 3.5.29.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.017

Associated Vulnerability

VulnerabilityOS Platform
djvulibre security update(DSA-5960-1) djview_3.5.28-2.1~deb12u1_all.debLinux
djvulibre security update(DSA-5960-1) libdjvulibre21_3.5.28-2.1~deb12u1_i386.debLinux
djvulibre security update(DSA-5960-1) libdjvulibre21_3.5.28-2.1~deb12u1_amd64.debLinux
djvulibre security update(DSA-5960-1) libdjvulibre-text_3.5.28-2.1~deb12u1_all.debLinux
djvulibre security update(DSA-5960-1) libdjvulibre-dev_3.5.28-2.1~deb12u1_i386.debLinux
djvulibre security update(DSA-5960-1) libdjvulibre-dev_3.5.28-2.1~deb12u1_amd64.debLinux
djvulibre security update(DSA-5960-1) djvuserve_3.5.28-2.1~deb12u1_i386.debLinux
djvulibre security update(DSA-5960-1) djvuserve_3.5.28-2.1~deb12u1_amd64.debLinux
djvulibre security update(DSA-5960-1) djvulibre-desktop_3.5.28-2.1~deb12u1_all.debLinux
djvulibre security update(DSA-5960-1) djvulibre-bin_3.5.28-2.1~deb12u1_i386.debLinux
djvulibre security update(DSA-5960-1) djvulibre-bin_3.5.28-2.1~deb12u1_amd64.debLinux
djvulibre security update(DSA-5960-1) djview3_3.5.28-2.1~deb12u1_all.debLinux
DjVu image format library and tools (USN-7631-1) libdjvulibre21_3.5.28-2ubuntu0.22.04.1_amd64.debLinux
DjVu image format library and tools (USN-7631-1) libdjvulibre21_3.5.28-2ubuntu0.22.04.1_i386.debLinux
DjVu image format library and tools (USN-7631-1) libdjvulibre21_3.5.28-2ubuntu0.24.04.1_amd64.debLinux
DjVu image format library and tools (USN-7631-1) libdjvulibre21_3.5.28-2ubuntu0.24.04.1_i386.debLinux
DjVu image format library and tools (USN-7631-1) libdjvulibre21_3.5.28-2ubuntu0.25.04.1_amd64.debLinux
DjVu image format library and tools (USN-7631-1) libdjvulibre21_3.5.28-2ubuntu0.25.04.1_i386.debLinux
SUSE-SU-2025:02703-1(Desktop Applications Module 15 SP7) libdjvulibre21-debuginfo-3.5.27-150200.11.17.1.x86_64.rpmLinux
SUSE-SU-2025:02703-1(Desktop Applications Module 15 SP6) libdjvulibre21-debuginfo-3.5.27-150200.11.17.1.x86_64.rpmLinux
SUSE-SU-2025:02703-1(Desktop Applications Module 15 SP7) libdjvulibre21-3.5.27-150200.11.17.1.x86_64.rpmLinux
SUSE-SU-2025:02703-1(Desktop Applications Module 15 SP6) libdjvulibre21-3.5.27-150200.11.17.1.x86_64.rpmLinux
SUSE-SU-2025:02703-1(Desktop Applications Module 15 SP7) libdjvulibre-devel-3.5.27-150200.11.17.1.x86_64.rpmLinux
SUSE-SU-2025:02703-1(Desktop Applications Module 15 SP6) libdjvulibre-devel-3.5.27-150200.11.17.1.x86_64.rpmLinux
SUSE-SU-2025:02703-1(Desktop Applications Module 15 SP7) djvulibre-debugsource-3.5.27-150200.11.17.1.x86_64.rpmLinux
SUSE-SU-2025:02703-1(Desktop Applications Module 15 SP6) djvulibre-debugsource-3.5.27-150200.11.17.1.x86_64.rpmLinux
SUSE-SU-2025:02703-1(Desktop Applications Module 15 SP7) djvulibre-debuginfo-3.5.27-150200.11.17.1.x86_64.rpmLinux
SUSE-SU-2025:02703-1(Desktop Applications Module 15 SP6) djvulibre-debuginfo-3.5.27-150200.11.17.1.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234