ELA-157-1 djvulibre security update

several issues (overflows)

2019-08-29
Packagedjvulibre
Version3.5.25.3-1+deb7u1
Related CVEs CVE-2019-15142 CVE-2019-15143 CVE-2019-15144 CVE-2019-15145


Hongxu Chen found several issues in djvulibre, a library and set of tools to handle images in the DjVu format. The issues are a heap-buffer-overflow, a stack-overflow, an infinite loop and an invalid read when working with crafted files as input.



For Debian 7 Wheezy, these problems have been fixed in version 3.5.25.3-1+deb7u1.

We recommend that you upgrade your djvulibre packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.