CVE-2025-53367
BaseFortify
Publication date: 2025-07-03
Last updated on: 2025-11-04
Assigner: GitHub, Inc.
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in DjVuLibre lies in the MMRDecoder::scanruns method, which does not ensure that a pointer (xr) stays within the bounds of its allocated buffer. The resulting out-of-bounds writes and reads corrupt the heap and lead to memory safety issues. It affects versions prior to 3.5.29 and is fixed in that version.
How can this vulnerability impact me?
The out-of-bounds memory writes and reads can corrupt the heap. This can cause application crashes or data corruption and, if exploited, could potentially allow an attacker to execute arbitrary code or escalate privileges.
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade DjVuLibre to version 3.5.29 or later, where the issue has been patched.
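The following is an added illustration of the bug class described above, not DjVuLibre's code: a hypothetical run scanner in the spirit of MMRDecoder::scanruns that fills an array of run-end positions through a pointer named `xr`. The input format (a plain list of run lengths, constructed here) is a simplification of real MMR coding, and the function names `scan_runs`, `demo_valid`, `demo_too_many_runs` and `demo_run_past_width`, along with the `xr_cap` parameter, are assumptions for the example. The point is the two checks a decoder of this shape needs: the output pointer must be compared against the end of its buffer before every write (CWE-787), and accumulated run lengths must not exceed the scanline width, so that later code walking positions up to that width does not read past the end (CWE-125).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical run scanner modelled on the bug class in the Q&A above.
 * It decodes a list of run lengths (constructed input, not real DjVu MMR
 * data) into an array of run-end positions via the pointer xr.
 * Returns the number of run ends written, or -1 on malformed input. */
int scan_runs(const uint8_t *runs, size_t nruns, unsigned width,
              unsigned *xr_buf, size_t xr_cap)
{
    unsigned *xr = xr_buf;
    unsigned *xr_end = xr_buf + xr_cap;   /* one past the last valid slot */
    unsigned pos = 0;                     /* current x position on the line */

    for (size_t i = 0; i < nruns; i++) {
        /* Check 1: the output pointer must still be inside its buffer
         * before every store. Without this, a malformed input with more
         * transitions than slots turns the store into a heap OOB write. */
        if (xr >= xr_end)
            return -1;
        /* Check 2: a run may not extend past the scanline width. This keeps
         * pos <= width, so consumers indexing the line up to width never
         * read beyond the decoded data. */
        if (runs[i] > width - pos)
            return -1;
        pos += runs[i];
        *xr++ = pos;                      /* record where this run ends */
    }
    /* A well-formed line ends exactly at the right edge. */
    if (pos != width)
        return -1;
    return (int)(xr - xr_buf);
}

/* Constructed sample inputs (hypothetical, not captured DjVu data). */
int demo_valid(void)
{
    const uint8_t runs[] = {3, 5, 2};     /* 3 + 5 + 2 == width 10 */
    unsigned xr[8];
    return scan_runs(runs, 3, 10, xr, 8); /* 3 run ends written */
}

int demo_too_many_runs(void)
{
    /* 10 transitions but only 4 output slots: rejected by check 1
     * instead of writing 6 entries past the end of xr. */
    const uint8_t runs[] = {1, 1, 1, 1, 1, 1, 1, 1, 1, 1};
    unsigned xr[4];
    return scan_runs(runs, 10, 10, xr, 4);
}

int demo_run_past_width(void)
{
    /* 7 + 7 exceeds width 10: rejected by check 2. */
    const uint8_t runs[] = {7, 7};
    unsigned xr[8];
    return scan_runs(runs, 2, 10, xr, 8);
}

int main(void)
{
    printf("valid line:      %d\n", demo_valid());
    printf("too many runs:   %d\n", demo_too_many_runs());
    printf("run past width:  %d\n", demo_run_past_width());
    return 0;
}
```

Both checks are cheap and sit on the same loop as the store, which is the usual place to enforce them: validating only the total transition count up front is not enough once the decoder can be driven to emit more run ends than the line was sized for.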