Re: [oss-security] GHSL-2025-054: Use After Free (UAF) in Poppler - CVE-2025-52886

2025-07-12 Kevin Backhouse
ain/SecurityExploits/freedesktop/poppler-CVE-2025-52886

Thanks,
Kev

On Sat, Jul 12, 2025 at 12:01 AM Alan Coopersmith wrote:
>
> https://securitylab.github.com/advisories/GHSL-2025-054_poppler/ advises:
>
> > July 1, 2025
> > GHSL-2025-054: Use After Free (UAF) in Poppler -

[oss-security] CVE-2025-53367: An exploitable OOB write in DjVuLibre

2025-07-03 Kevin Backhouse
DjVuLibre version 3.5.29 was released today. It fixes CVE-2025-53367 (GHSL-2025-055), an out-of-bounds write in the MMRDecoder::scanruns method. The vulnerability could be exploited to gain code execution on a Linux Desktop system when the user tries to open a crafted document. DjVu is a document

[oss-security] Re: CVE-2025-53367: An exploitable OOB write in DjVuLibre

2025-07-18 Kevin Backhouse
As promised, I've now published the full poc that achieves code execution in evince/papers:

https://github.com/github/securitylab/tree/main/SecurityExploits/DjVuLibre/MMRDecoder_scanruns_CVE-2025-53367

Kev

On Thu, Jul 3, 2025 at 8:14 PM Kevin Backhouse wrote:
>
> DjVuLibre version