ELA-454-1 djvulibre security update

crash or segfault

2021-07-04
Packagedjvulibre
Version3.5.25.4-4+deb8u4
Related CVEs CVE-2021-3630


An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault.



For Debian 8 jessie, these problems have been fixed in version 3.5.25.4-4+deb8u4.

We recommend that you upgrade your djvulibre packages.

Further information about Extended LTS security advisories can be found at: debian Extended Long term support