Versions mentioned in the description apply to the upstream
Remediation section below for
Debian:9 relevant versions.
A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds read in function DJVU::DataPool::has_data() via crafted djvu file may lead to application crash and other consequences.
djvulibre to version 184.108.40.206-7+deb9u1 or higher.