CVE-2025-53367 – DjVuLibre Out-of-Bounds Write and Read Vulnerability

July 3, 2025

CVE ID : CVE-2025-53367

Published : July 3, 2025, 9:15 p.m. | 2 hours, 5 minutes ago

Description : DjVuLibre is a GPL implementation of DjVu, a web-centric format for distributing documents and images. Prior to version 3.5.29, the MMRDecoder::scanruns method is affected by an OOB-write vulnerability, because it does not check that the xr pointer stays within the bounds of the allocated buffer. This can lead to writes beyond the allocated memory, resulting in a heap corruption condition. An out-of-bounds read with pr is also possible for the same reason. This issue has been patched in version 3.5.29.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5322 – VikRentCar WordPress Car Rental Management System File Upload Vulnerability (Arbitrary File Upload)

Next Article CVE-2025-49826 – Next.js Cache Poisoning DoS Vulnerability

Highlights

CVE-2025-32441 – Rack Session Pool Session Hijacking Vulnerability

May 7, 2025

CVE ID : CVE-2025-32441

Published : May 7, 2025, 11:15 p.m. | 20 minutes ago

Description : Rack is a modular Ruby web server interface. Prior to version 2.2.14, when using the `Rack::Session::Pool` middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session. Rack session middleware prepares the session at the beginning of request, then saves is back to the store with possible changes applied by host rack application. This way the session becomes to be a subject of race conditions in general sense over concurrent rack requests. When using the `Rack::Session::Pool` middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may be restored if the attacker can trigger a long running request (within that same session) adjacent to the user logging out, in order to retain illicit access even after a user has attempted to logout. Version 2.2.14 contains a patch for the issue. Some other mitigations are available. Either ensure the application invalidates sessions atomically by marking them as logged out e.g., using a `logged_out` flag, instead of deleting them, and check this flag on every request to prevent reuse; or implement a custom session store that tracks session invalidation timestamps and refuses to accept session data if the session was invalidated after the request began.

Severity: 4.2 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: A Unique Way to Primary Key

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

The best CRM software with email marketing in 2025: Expert tested and reviewed

This multi-port car charger can power 4 gadgets at once – and it’s surprisingly cheap

I’m a wearables editor and here are the 7 Pixel Watch 4 rumors I’m most curious about

8 ways I quickly leveled up my Linux skills – and you can too

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

Zero Trust & Cybersecurity Mesh: Your Org’s Survival Guide

Execute Ping Commands and Get Back Structured Data in PHP

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

“I don’t think I changed his mind” — NVIDIA CEO comments on H20 AI GPU sales resuming in China following a meeting with President Trump

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

CVE-2025-53367 – DjVuLibre Out-of-Bounds Write and Read Vulnerability

CVE-2025-44658 – Netgear RAX30 PHP-FPM Misconfigured Extension Bypass Vulnerability

CVE-2025-7393 – Drupal Mail Login Authentication Bypass

Behavior-Driven Development (BDD) with Selenium and Cucumber

MODICIA O.S. – Linux multimedia distribution

The CSS Reset Contradiction

CVE-2025-2501 – Lenovo PC Manager Privilege Escalation Vulnerability

CVE-2025-32441 – Rack Session Pool Session Hijacking Vulnerability

CVE-2025-46833 – Apache SimplePythonEncryption RSA Brute Force Decryption Vulnerability

CVE-2025-6192 – Google Chrome Use After Free in Metrics

Weekly JavaScript Roundup: Friday Links 21, April 18, 2025

CVE-2025-53367 – DjVuLibre Out-of-Bounds Write and Read Vulnerability

Related Posts