A security update for djvulibre has been released for Debian GNU/Linux 12 (Bookworm). This advisory, identified as DSA-5960-1, addresses a critical vulnerability (CVE-2025-53367) discovered by Antonio Morales. The vulnerability involves an out-of-bounds write in the MMRDecoder::scanruns method of the djvulibre library, which could potentially allow an attacker to execute arbitrary code when processing a specially crafted DjVu document.
The issue has been resolved in the updated version 3.5.28-2.1~deb12u1 for the stable distribution, and users are urged to upgrade their djvulibre packages promptly to mitigate any security risks.
For detailed information regarding the security status of djvulibre, users can visit the Debian security tracker page. Additionally, resources on applying updates and addressing frequently asked questions about Debian Security Advisories are available on the Debian website.
Extension:
To further enhance security, users are encouraged to regularly check for updates and patches for all installed software, not just djvulibre. Implementing routine system audits and employing security best practices can significantly reduce vulnerabilities. Moreover, users should consider subscribing to Debian's security mailing list to stay informed about future advisories and updates. This proactive approach will help maintain system integrity and protect against potential threats that may arise in the evolving cybersecurity landscape
The issue has been resolved in the updated version 3.5.28-2.1~deb12u1 for the stable distribution, and users are urged to upgrade their djvulibre packages promptly to mitigate any security risks.
For detailed information regarding the security status of djvulibre, users can visit the Debian security tracker page. Additionally, resources on applying updates and addressing frequently asked questions about Debian Security Advisories are available on the Debian website.
Extension:
To further enhance security, users are encouraged to regularly check for updates and patches for all installed software, not just djvulibre. Implementing routine system audits and employing security best practices can significantly reduce vulnerabilities. Moreover, users should consider subscribing to Debian's security mailing list to stay informed about future advisories and updates. This proactive approach will help maintain system integrity and protect against potential threats that may arise in the evolving cybersecurity landscape
Djvulibre security update for Debian 12
A djvulibre security update has been released for Debian GNU/Linux 12 (Bookworm):
[DSA 5960-1] djvulibre security update
