1. Ubuntu Security Notices
  2. USN-8054-1

USN-8054-1: DjVuLibre vulnerabilities

Publication date

23 February 2026

Overview

Several security issues were fixed in DjVuLibre.

Releases

Packages

  • djvulibre - DjVu image format library and tools

Details

It was discovered that DjVuLibre could be forced to execute a division
by zero in certain instances. A remote attacker could possibly use
this issue to cause applications to stop responding or crash, resulting
in a denial of service. (CVE-2021-46312)

It was discovered that DjVuLibre incorrectly handled certain memory
operations. If a user or automated system were tricked into processing a
specially crafted DjVu file, a remote attacker could cause applications
to stop responding or crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu
18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2025-53367)

It was discovered that DjVuLibre could be forced to execute a division
by zero in certain instances. A remote attacker could possibly use
this issue to cause applications to stop responding or crash, resulting
in a denial of service. (CVE-2021-46312)

It was discovered that DjVuLibre incorrectly handled certain memory
operations. If a user or automated system were tricked into processing a
specially crafted DjVu file, a remote attacker could cause applications
to stop responding or crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu
18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2025-53367)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
24.04 LTS noble libdjvulibre21 –  3.5.28-2ubuntu0.24.04.2
22.04 LTS jammy libdjvulibre21 –  3.5.28-2ubuntu0.22.04.2
20.04 LTS focal libdjvulibre21 –  3.5.27.1-14ubuntu0.1+esm1  
18.04 LTS bionic libdjvulibre21 –  3.5.27.1-8ubuntu0.4+esm1  
16.04 LTS xenial libdjvulibre21 –  3.5.27.1-5ubuntu0.1+esm3  

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›