Key vulnerability information

Vulnerability ID: CVE-2025-53367 (GHSL-2025-055)
Affected versions: DjVuLibre version 3.5.28 and earlier
Fixed version: DjVuLibre version 3.5.29
Vulnerability type: Out-of-bounds write in the method
Impact: Linux Desktop systems when opening a crafted document
Discovered by: Antonio Morales
Report date: 2025-07-01
Fix date: 2025-07-03

Vulnerability details

Description: The method does not check that the pointer stays within the bounds of the allocated buffer, leading to an out-of-bounds write vulnerability.
Potential risk: This can result in heap corruption and code execution on a Linux Desktop system.

Timeline

2025-07-01: Reported via email to the authors: Léon Bottou, Bill Riemers
2025-07-02: Responses received from Bill Riemers and Léon Bottou; fix commit added by Léon Bottou
2025-07-03: DjVuLibre version 3.5.29 released

Acknowledgements

Thanks to Léon Bottou and Bill Riemers for their quick response and fix release.
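A version check built from the affected and fixed versions stated in this advisory, as an added example that is not part of the advisory or of DjVuLibre. The function names are hypothetical, and it assumes the caller supplies the installed package version string.

```sh
#!/bin/sh
# Added example (not project code): classify a DjVuLibre package version
# against CVE-2025-53367. Per the advisory, 3.5.28 and earlier are affected
# and 3.5.29 is fixed. Assumption: only the upstream version is compared, so
# a distribution build of 3.5.28 with a backported patch still reads
# "affected" and needs a changelog check.
FIXED_VERSION=3.5.29

# Reduce "1:3.5.28-2build1" style strings to the upstream part "3.5.28".
upstream_version() {
    uv=${1#*:}            # drop a leading epoch, if any
    uv=${uv%%[-+~]*}      # drop the distribution revision or suffix
    case $uv in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # not a dotted number
    esac
    printf '%s\n' "$uv"
}

# Succeed when dotted version $1 is strictly lower than $2.
version_lt() {
    va=$1 vb=$2
    while [ -n "$va" ] || [ -n "$vb" ]; do
        x=${va%%.*} y=${vb%%.*}
        case $va in *.*) va=${va#*.} ;; *) va= ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 1
}

# Print "affected", "fixed" or "unknown" for one version string.
djvulibre_status() {
    up=$(upstream_version "$1") || { echo unknown; return 0; }
    if version_lt "$up" "$FIXED_VERSION"; then echo affected; else echo fixed; fi
}

# Stand-alone use: pass version strings (e.g. from the package manager).
for arg in "$@"; do
    printf '%s\t%s\n' "$arg" "$(djvulibre_status "$arg")"
done
```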