|
|
Subscribe / Log in / New account

Debian alert DLA-4247-1 (djvulibre)



From:
              Adrian Bunk <bunk@debian.org>


To:
              debian-lts-announce@lists.debian.org


Subject:
              [SECURITY] [DLA 4247-1] djvulibre security update


Date:
              Mon, 21 Jul 2025 22:30:37 +0300


Message-ID:
              <aH6VXR4VQj0sOO++@localhost>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4247-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
July 21, 2025                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : djvulibre
Version        : 3.5.28-2.2~deb11u1
CVE ID         : CVE-2021-46310 CVE-2021-46312 CVE-2025-53367
Debian Bug     : 1052668 1052669 1108729

Multiple vulnerabilities have been fixed in DjVuLibre,
a library and tools to handle documents in the DjVu format.

CVE-2021-46310

    Divide by zero in IW44Image::Map::image()

CVE-2021-46312

    Divide by zero in IWBitmap::Encode::init()

CVE-2025-53367

    Buffer overflow in MMRDecoder

For Debian 11 bullseye, these problems have been fixed in version
3.5.28-2.2~deb11u1.

We recommend that you upgrade your djvulibre packages.

For the detailed security status of djvulibre please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/djvulibre

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmh+lVoACgkQiNJCh6LY
mLE8YBAAiuJHQY6SDy29BIMZJEjRDdL7XJWtplqANwlJtFfOgEVltIs7iM1RTasW
TvGKatLTZXu+2l1u0h2J38NcBgaQif1O7uN6sQ/a4uBC4SsvSkK7LK5+7pwh7WmB
o6X0j+LAuqDEO2rQY9WqQW4v9e97ycBepDVDtiSymI7BS46YaDfIzwrPLDzxhfFn
/roe3/MRugrQc/yeciwn3I+Spgmzy4YIpw+JlAVz//h7yFjjuuCZaogGv2t2bin4
vogX2cvzcKAuWEWc0zPZAoj2Bs3VF0dkTCXKoaE6wHroadFgfJccTbuy+PilBOxK
vmf8SpBPUGe6nmUeUAHkbjWYPQ7l3GtuV0L46iQ6/pR9v/8j2Fcwb1j3blbBGARV
YbjPziej0YyWEWZMb+5yTGMqYHpIxndXEkixgFWWdhop0pxKUu8m1ful2d/KHn9T
srf4/XhvwiCGcvWN5D4x0IWlIXBZjpj0RGWEy3nCakccAOj11nLoMxZz1wZ6lAON
mfqED2k/DNBjR13AtiaYIClVsGqbIoFrI4zhBu/CtKKfPC/pLTGoF/hvTgXqR+1i
7xhDtL8Tr3avIaBCgrncnGTdWL3OK9j+PGH8ffuh790cLRZPCn6uvOA0xgbuRRFY
xD5pXZaJUv17J+o22T5qKSTsPMS5/uya4zMIu075qw+CPEPeKaU=
=OuTX
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds