ELA-434-1 djvulibre security update

multiple vulnerabilities

2021-05-26
Packagedjvulibre
Version3.5.25.4-4+deb8u3
Related CVEs CVE-2021-3500 CVE-2021-32490 CVE-2021-32491 CVE-2021-32492 CVE-2021-32493

Several vulnerabilities were discovered in djvulibre, a library and set of tools to handle documents in the DjVu format. An attacker could crash document viewers and possibly execute arbitrary code through crafted DjVu files.

For Debian 8 jessie, these problems have been fixed in version 3.5.25.4-4+deb8u3.

We recommend that you upgrade your djvulibre packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/