
Debian 11: DjVuLibre Critical Buffer Overflow and Zero Division DLA-4247-1

Debian LTS
July 21, 2025
DjVuLibre has been updated to fix two divide-by-zero errors and a buffer overflow.
Multiple vulnerabilities have been fixed in DjVuLibre, a library and tools to handle documents in the DjVu format.

Summary

CVE-2021-46310

Divide by zero in IW44Image::Map::image()

CVE-2021-46312

Divide by zero in IWBitmap::Encode::init()

CVE-2025-53367

Buffer overflow in MMRDecoder

For Debian 11 bullseye, these problems have been fixed in version
3.5.28-2.2~deb11u1.

We recommend that you upgrade your djvulibre packages.

For the detailed security status of djvulibre please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/djvulibre

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity: critical

Package: djvulibre
Version: 3.5.28-2.2~deb11u1
CVE ID: CVE-2021-46310 CVE-2021-46312 CVE-2025-53367
Debian Bug: 1052668 1052669 1108729
