The article describes two vulnerabilities in DjVuLibre: CVE-2021-46312 (CVSS 6.5), a division-by-zero flaw that can cause a denial of service, and CVE-2025-53367, a memory-handling flaw that, when a malicious DjVu file is processed, can lead to denial of service or arbitrary code execution. According to the NVD, CVE-2021-46312 affects djvulibre version 3.5.28, while the article states that CVE-2025-53367 only affects Ubuntu 16.04 LTS, 18.04 LTS, and 20.04 LTS. The article does not provide fixed version numbers or workarounds for either CVE.
It was discovered that DjVuLibre could be forced to execute a division by zero in certain instances. A remote attacker could possibly use this issue to cause applications to stop responding or crash, resulting in a denial of service. (CVE-2021-46312)

It was discovered that DjVuLibre incorrectly handled certain memory operations. If a user or automated system were tricked into processing a specially crafted DjVu file, a remote attacker could cause applications to stop responding or crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2025-53367)