USN-7631-1

Details

It was discovered that DjVuLibre incorrectly handled certain memory operations. If a user or automated system were tricked into processing a specially crafted DjVu file, a remote attacker could cause applications to stop responding or crash, resulting in a denial of service, or possibly execute arbitrary code.

Affected Packages

Ubuntu:22.04:LTSdjvulibre

Fixed in:

3.5.28-2ubuntu0.22.04.1

Ubuntu:24.04:LTSdjvulibre

Fixed in:

3.5.28-2ubuntu0.24.04.1

Ubuntu:25.04djvulibre

Fixed in:

3.5.28-2ubuntu0.25.04.1

References

REPORThttps://ubuntu.com/security/CVE-2025-53367 ADVISORYhttps://ubuntu.com/security/notices/USN-7631-1

USN-7631-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline