2025 Deepaegis. All Rights Reserved.
DjVuLibre contains an out-of-bounds write vulnerability in the MMRDecoder::scanruns method that can lead to code execution on Linux systems when a crafted DjVu document is opened.
Successful exploitation can result in arbitrary code execution. Attackers can exploit this issue through a specially crafted DjVu document disguised as a PDF file. When opened in default Linux document viewers like Evince or Papers, it triggers the vulnerability via DjVuLibre backend decoding, leading to heap corruption and potential command execution.
DjVuLibre
Affected Version: v3.5.28 and earlier
Remediation: Update to DjVuLibre version 3.5.29 or later. A patch has been released that resolves this vulnerability by ensuring buffer boundaries are respected in the scanruns() method.
Exploit Added Date: 7/2/2025
Fix included in DjVuLibre v3.5.29
Avoid opening DjVu files from untrusted sources
Apply the latest update
Monitor document viewers for abnormal child process execution (e.g., unexpected browser launches)
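The advisory notes that the crafted DjVu document is disguised as a PDF file. As a triage aid, the added example below (not code from this advisory or from the DjVuLibre project) sweeps a directory for files whose content is DjVu but whose extension says otherwise. The function names and sample headers are constructed for illustration, and the check assumes the standard DjVu file signature ("AT&TFORM" followed by a form type at offset 12).

```python
import os
import sys

# IFF form types that follow the "AT&TFORM" preamble in DjVu files.
DJVU_FORM_TYPES = {b"DJVU", b"DJVM", b"DJVI", b"THUM"}
DJVU_EXTENSIONS = {".djvu", ".djv"}

# Constructed sample headers (not real documents), used for self-checks.
SAMPLE_DJVU = b"AT&TFORM" + (4).to_bytes(4, "big") + b"DJVU"
SAMPLE_PDF = b"%PDF-1.7\n"


def sniff(header: bytes) -> str:
    """Classify leading bytes as 'djvu', 'pdf' or 'other'."""
    # Layout: "AT&T" (0-3), "FORM" (4-7), big-endian length (8-11), form type (12-15).
    if header[:8] == b"AT&TFORM" and header[12:16] in DJVU_FORM_TYPES:
        return "djvu"
    if header.startswith(b"%PDF-"):
        return "pdf"
    return "other"


def is_disguised_djvu(filename: str, header: bytes) -> bool:
    """True when the content is DjVu but the name does not say so (e.g. .pdf)."""
    ext = os.path.splitext(filename)[1].lower()
    return sniff(header) == "djvu" and ext not in DJVU_EXTENSIONS


def scan(root: str) -> list:
    """Return sorted paths under root whose content is DjVu under another extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if not os.path.isfile(path):
                continue  # skip FIFOs, sockets and broken symlinks
            try:
                with open(path, "rb") as fh:
                    header = fh.read(16)
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            if is_disguised_djvu(name, header):
                hits.append(path)
    return hits and sorted(hits)


if __name__ == "__main__":
    for hit in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("DjVu content under a non-DjVu name:", hit)
```

Run it against download or mail-attachment directories on hosts that still carry DjVuLibre v3.5.28 or earlier; a hit means the file would be handed to the DjVu backend despite its name.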
6/30/2025
7/2/2025