CNNVD-202507-299 Information

CNNVD ID

CNNVD-202507-299

Related CVE

CVE-2025-53367

• CNNVD Published: 2025-07-03

Description (Chinese)

DjVuLibre是一款DjVu（计算机文件格式）的开源实现，它包括DjVu文件查看器、浏览器插件、DjVu文件解码/编码器和其它实用程序。 DjVuLibre 3.5.29之前版本存在安全漏洞，该漏洞源于MMRDecoder::scanruns方法存在越界写入漏洞，可能导致堆损坏。

Description (English)

DjVuLibre is an open source for a section of DjVu (computer file format), which includes a DjVu file viewer, browser plugin, DjVu file decoder/codifier and other practical applications. There was a security gap in the previous version of DjVuLibre 3.5.29, which stemmed from the cross-border writing gap in the MMRDecoder::scanruns method, which could lead to damage to piles.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Live Support

Published

2025-07-03

Last Modified

2026-02-24

References

https://nvd.nist.gov/vuln/detail/CVE-2025-53367 https://access.redhat.com/security/cve/cve-2025-53367

Patch

https://djvu.sourceforge.net/