DjVuLibre 3.5.27 NULL Pointer Dereference Vulnerability


DjVu is a web-centric format for distributing documents and images. DjVu was created at AT&T Labs-Research and later sold to LizardTech Inc. DjVuLibre is a GPL implementation of DjVu maintained by the original inventors of DjVu.


The information has been provided by Vendor

The original article can be found at:



DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp.


Vulnerable Systems:

DjVuLibre 3.5.27 


CVE Information:


Disclosure Timeline:
Published Date:11/7/2019