From: Nick Permyakov Subject: Re: Patch to fix CVE-2025-53367 in graphics/djvulibre To: ports@openbsd.org Date: Fri, 17 Apr 2026 21:50:06 +0400 Ping. This vulnerability seems to have high severity. On Fri, Apr 10, 2026 at 6:27 PM Nick Permyakov wrote: > > Hi, > > Here's an upstream patch that fixes a potential buffer overflow in graphics/djvulibre. > > Best regards, > Nick Permyakov > > Index: Makefile > =================================================================== > RCS file: /cvs/ports/graphics/djvulibre/Makefile,v > diff -u -p -u -r1.53 Makefile > --- Makefile 22 Jul 2025 12:40:55 -0000 1.53 > +++ Makefile 9 Apr 2026 21:13:52 -0000 > @@ -1,7 +1,7 @@ > COMMENT= view, decode and encode DjVu files > > DISTNAME= djvulibre-3.5.28 > -REVISION= 4 > +REVISION= 5 > SHARED_LIBS= djvulibre 27.0 # 28.0 > CATEGORIES= graphics print > > Index: patches/patch-libdjvu_MMRDecoder_cpp > =================================================================== > RCS file: patches/patch-libdjvu_MMRDecoder_cpp > diff -N patches/patch-libdjvu_MMRDecoder_cpp > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-libdjvu_MMRDecoder_cpp 9 Apr 2026 21:13:52 -0000 > @@ -0,0 +1,25 @@ > +Fix CVE-2025-53367: potential buffer overflow in MMRDecoder > +https://sourceforge.net/p/djvu/djvulibre-git/ci/33f645196593d70bd5e37f55b63886c31c82c3da/ > + > +Index: libdjvu/MMRDecoder.cpp > +--- libdjvu/MMRDecoder.cpp.orig > ++++ libdjvu/MMRDecoder.cpp > +@@ -589,6 +589,9 @@ MMRDecoder::scanruns(const unsigned short **endptr) > + int a0,rle,b1; > + for(a0=0,rle=0,b1=*pr++;a0 < width;) > + { > ++ // Check for buffer overflow > ++ if (xr > lineruns+width+2 || pr > prevruns+width+2) > ++ G_THROW(invalid_mmr_data); > + // Process MMR codes > + const int c=mrtable->decode(src); > + switch ( c ) > +@@ -714,7 +717,7 @@ > + rle++; > + a0++; > + } > +- if (a0 > width) > ++ if (a0 > width || xr > lineruns+width+2) > + G_THROW(invalid_mmr_data); > + } > + // Analyze uncompressed termination code. > >