Versions mentioned in the description apply to the upstream
Remediation section below for
Debian:9 relevant versions.
An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. This flaw affects DjVuLibre versions prior to 3.5.28.
djvulibre to version 126.96.36.199-7+deb9u2 or higher.