Commit 3b300fd

Merge pull request #897 from kevinbackhouse/DjVuLibre-CVE-2025-53367
Fuzzer-generated poc for DjVuLibre CVE-2025-53367
2 parents fe9fa1a + b47dd28 commit 3b300fd

2 files changed, 16 additions and 0 deletions

@@ -0,0 +1,16 @@
1+
# Proof of concept for DjVuLibre CVE-2025-53367
2+
3+
At this time, we are only sharing @antonio-morales's original
4+
fuzzer-generated poc, so that people can quickly test whether they're
5+
running a vulnerable version of DjVuLibre. This poc only causes the
6+
DjVuLibre library to crash. We are delaying publication of our more
7+
sophisticated poc, which is able to bypass ASLR and gain code
8+
execution.
9+
10+
[Fuzzer-generated poc file](./fuzzer-poc.djvu)
11+
12+
## Links:
13+
14+
* https://github.blog/security/vulnerability-research/cve-2025-53367-an-exploitable-out-of-bounds-write-in-djvulibre/
15+
* https://www.openwall.com/lists/oss-security/2025/07/03/1
16+
* https://securitylab.github.com/advisories/GHSL-2025-055_DjVuLibre/
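Review bot: The opening paragraph of the README says the poc is shared "so that people can quickly test whether they're running a vulnerable version of DjVuLibre", but nothing in the file says how to run that test or how to read the result. Suggest adding a sentence that names how the file is meant to be opened and states that a crash indicates a vulnerable build, and either the fixed version or an explicit pointer to the advisory under Links where it is listed, so that a reader who sees no crash can confirm they are patched rather than assume it. Because fuzzer-poc.djvu is committed as a binary that the diff cannot show, a checksum for it in the README would let readers verify that their copy matches the committed one. Minor style point: drop the trailing colon from the "## Links:" heading.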
Binary file not shown.
