USN-4957-1 fixed several vulnerabilities in DjVuLibre. This update provides the corresponding update for Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that DjVuLibre incorrectly handled certain memory operations. If a user or automated system were tricked into processing a specially crafted DjVu file, a remote attacker could cause applications to hang or crash, resulting in a denial of service, or possibly execute arbitrary code.
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "binaries": [ { "binary_name": "djview", "binary_version": "3.5.27.1-5ubuntu0.1+esm1" }, { "binary_name": "djview-dbgsym", "binary_version": "3.5.27.1-5ubuntu0.1+esm1" }, { "binary_name": "djview3", "binary_version": "3.5.27.1-5ubuntu0.1+esm1" }, { "binary_name": "djview3-dbgsym", "binary_version": "3.5.27.1-5ubuntu0.1+esm1" }, { "binary_name": "djvulibre-bin", "binary_version": "3.5.27.1-5ubuntu0.1+esm1" }, { "binary_name": "djvulibre-bin-dbgsym", "binary_version": "3.5.27.1-5ubuntu0.1+esm1" }, { "binary_name": "djvulibre-dbg", "binary_version": "3.5.27.1-5ubuntu0.1+esm1" }, { "binary_name": "djvulibre-desktop", "binary_version": "3.5.27.1-5ubuntu0.1+esm1" }, { "binary_name": "djvuserve", "binary_version": "3.5.27.1-5ubuntu0.1+esm1" }, { "binary_name": "djvuserve-dbgsym", "binary_version": "3.5.27.1-5ubuntu0.1+esm1" }, { "binary_name": "libdjvulibre-dev", "binary_version": "3.5.27.1-5ubuntu0.1+esm1" }, { "binary_name": "libdjvulibre-dev-dbgsym", "binary_version": "3.5.27.1-5ubuntu0.1+esm1" }, { "binary_name": "libdjvulibre-text", "binary_version": "3.5.27.1-5ubuntu0.1+esm1" }, { "binary_name": "libdjvulibre21", "binary_version": "3.5.27.1-5ubuntu0.1+esm1" }, { "binary_name": "libdjvulibre21-dbgsym", "binary_version": "3.5.27.1-5ubuntu0.1+esm1" } ] }