Critical Vulnerability Information

Vulnerability ID: CVE-2025-53367 (GHSL-2025-055)
Affected Versions: DjVuLibre version 3.5.28 and earlier
Fixed Version: DjVuLibre version 3.5.29
Vulnerability Type: Out-of-bounds write in the method
Impact Scope: Linux Desktop systems when opening a crafted document
Discoverer: Antonio Morales
Report Date: 2025-07-01
Fix Date: 2025-07-03

Vulnerability Details

Description: The method does not verify that the pointer remains within the bounds of the allocated buffer, resulting in an out-of-bounds write vulnerability.
Potential Risk: This may lead to heap corruption and code execution on a Linux Desktop system.

Timeline

2025-07-01: Reported via email to authors: Léon Bottou, Bill Riemers
2025-07-02: Responses received from Bill Riemers and Léon Bottou; Fix commit added by Léon Bottou
2025-07-03: DjVuLibre version 3.5.29 released

Acknowledgments

Léon Bottou and Bill Riemers for their prompt response and timely fix release.