| Package | djvulibre |
|---|---|
| Version | 3.5.27.1-7+deb9u3 (stretch), 3.5.27.1-10+deb10u2 (buster) |
| Related CVEs | CVE-2021-46312 CVE-2025-53367 |
Multiple vulnerabilities have been fixed in DjVuLibre, a library and tools to handle documents in the DjVu format.
CVE-2021-46312
Divide by zero in IWBitmap::Encode::init()
CVE-2025-53367
Buffer overflow in MMRDecoder
For Debian 10 buster, these problems have been fixed in version 3.5.27.1-10+deb10u2.
For Debian 9 stretch, these problems have been fixed in version 3.5.27.1-7+deb9u3.
We recommend that you upgrade your djvulibre packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.