CVE-2025-53367

CVE-2025-53367

Name

CVE-2025-53367

Description

DjVuLibre is a GPL implementation of DjVu, a web-centric format for distributing documents and images. Prior to version 3.5.29, the MMRDecoder::scanruns method is affected by an OOB-write vulnerability, because it does not check that the xr pointer stays within the bounds of the allocated buffer. This can lead to writes beyond the allocated memory, resulting in a heap corruption condition. An out-of-bounds read with pr is also possible for the same reason. This issue has been patched in version 3.5.29.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
security-advisories@github.com	https://github.blog/security/vulnerability-research/cve-2025-53367-an-exploitable-out-of-bounds-write-in-djvulibre/
MISC	https://sourceforge.net/p/djvu/djvulibre-git/ci/33f645196593d70bd5e37f55b63886c31c82c3da
MISC	https://www.openwall.com/lists/oss-security/2025/07/03/1
MISC	https://github.blog/security/vulnerability-research/cve-2025-53367-an-exploitable-out-of-bounds-write-in-djvulibre
CONFIRM	https://securitylab.github.com/advisories/GHSL-2025-055_DjVuLibre/
MISC	https://github.com/github/securitylab/tree/main/SecurityExploits/DjVuLibre/MMRDecoder_scanruns_CVE-2025-53367
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/07/msg00007.html
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/07/03/1
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/07/18/3

Type

URI

security-advisories@github.com

https://github.blog/security/vulnerability-research/cve-2025-53367-an-exploitable-out-of-bounds-write-in-djvulibre/

MISC

https://sourceforge.net/p/djvu/djvulibre-git/ci/33f645196593d70bd5e37f55b63886c31c82c3da

MISC

https://www.openwall.com/lists/oss-security/2025/07/03/1

MISC

https://github.blog/security/vulnerability-research/cve-2025-53367-an-exploitable-out-of-bounds-write-in-djvulibre

CONFIRM

https://securitylab.github.com/advisories/GHSL-2025-055_DjVuLibre/

MISC

https://github.com/github/securitylab/tree/main/SecurityExploits/DjVuLibre/MMRDecoder_scanruns_CVE-2025-53367

af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2025/07/msg00007.html

af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2025/07/03/1

af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2025/07/18/3

CPE URI	Source package	Min version	Max version
	djvulibre	>= 0	< 3.5.29

CPE URI

Source package

Min version

Max version

djvulibre

>= 0

< 3.5.29

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
djvulibre	edge-community	3.5.28-r5	Celeste <cielesti@protonmail.com>	possibly vulnerable
djvulibre	edge-community	3.5.28-r4	Leon Bottou <leonb@bottou.org>	possibly vulnerable
djvulibre	edge-community	3.5.28-r3	Leon Bottou <leonb@bottou.org>	possibly vulnerable
djvulibre	edge-community	3.5.28-r2	Leon Bottou <leonb@bottou.org>	possibly vulnerable
djvulibre	edge-community	3.5.28-r1	Leon Bottou <leonb@bottou.org>	possibly vulnerable
djvulibre	3.22-community	3.5.28-r5	Celeste <cielesti@protonmail.com>	possibly vulnerable
djvulibre	3.22-community	3.5.28-r4	Leon Bottou <leonb@bottou.org>	possibly vulnerable
djvulibre	3.22-community	3.5.28-r1	None	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

djvulibre

edge-community

3.5.28-r5

Celeste <cielesti@protonmail.com>

possibly vulnerable

djvulibre

edge-community