ELA-454-1 djvulibre security update

crash or segfault

2021-07-04
Packagedjvulibre
Version3.5.25.4-4+deb8u4
Related CVEs CVE-2021-3630

An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault.

For Debian 8 jessie, these problems have been fixed in version 3.5.25.4-4+deb8u4.

We recommend that you upgrade your djvulibre packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/