From: Nick Permyakov Subject: Patch to fix CVE-2025-53367 in graphics/djvulibre To: ports@openbsd.org Date: Fri, 10 Apr 2026 18:27:57 +0400 Hi, Here's an upstream patch that fixes a potential buffer overflow in graphics/djvulibre. Best regards, Nick Permyakov Index: Makefile =================================================================== RCS file: /cvs/ports/graphics/djvulibre/Makefile,v diff -u -p -u -r1.53 Makefile --- Makefile 22 Jul 2025 12:40:55 -0000 1.53 +++ Makefile 9 Apr 2026 21:13:52 -0000 @@ -1,7 +1,7 @@ COMMENT= view, decode and encode DjVu files DISTNAME= djvulibre-3.5.28 -REVISION= 4 +REVISION= 5 SHARED_LIBS= djvulibre 27.0 # 28.0 CATEGORIES= graphics print Index: patches/patch-libdjvu_MMRDecoder_cpp =================================================================== RCS file: patches/patch-libdjvu_MMRDecoder_cpp diff -N patches/patch-libdjvu_MMRDecoder_cpp --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-libdjvu_MMRDecoder_cpp 9 Apr 2026 21:13:52 -0000 @@ -0,0 +1,25 @@ +Fix CVE-2025-53367: potential buffer overflow in MMRDecoder +https://sourceforge.net/p/djvu/djvulibre-git/ci/33f645196593d70bd5e37f55b63886c31c82c3da/ + +Index: libdjvu/MMRDecoder.cpp +--- libdjvu/MMRDecoder.cpp.orig ++++ libdjvu/MMRDecoder.cpp +@@ -589,6 +589,9 @@ MMRDecoder::scanruns(const unsigned short **endptr) + int a0,rle,b1; + for(a0=0,rle=0,b1=*pr++;a0 < width;) + { ++ // Check for buffer overflow ++ if (xr > lineruns+width+2 || pr > prevruns+width+2) ++ G_THROW(invalid_mmr_data); + // Process MMR codes + const int c=mrtable->decode(src); + switch ( c ) +@@ -714,7 +717,7 @@ + rle++; + a0++; + } +- if (a0 > width) ++ if (a0 > width || xr > lineruns+width+2) + G_THROW(invalid_mmr_data); + } + // Analyze uncompressed termination code.