From b47dd28ccc2e588c23e0c038b5cbf944ee6b8b24 Mon Sep 17 00:00:00 2001 From: Kevin Backhouse Date: Fri, 4 Jul 2025 21:04:45 +0100 Subject: [PATCH] Fuzzer-generated poc for DjVuLibre CVE-2025-53367 --- .../README.md | 16 ++++++++++++++++ .../fuzzer-poc.djvu | Bin 0 -> 272 bytes 2 files changed, 16 insertions(+) create mode 100644 SecurityExploits/DjVuLibre/MMRDecoder_scanruns_CVE-2025-53367/README.md create mode 100644 SecurityExploits/DjVuLibre/MMRDecoder_scanruns_CVE-2025-53367/fuzzer-poc.djvu diff --git a/SecurityExploits/DjVuLibre/MMRDecoder_scanruns_CVE-2025-53367/README.md b/SecurityExploits/DjVuLibre/MMRDecoder_scanruns_CVE-2025-53367/README.md new file mode 100644 index 0000000..ee17e55 --- /dev/null +++ b/SecurityExploits/DjVuLibre/MMRDecoder_scanruns_CVE-2025-53367/README.md @@ -0,0 +1,16 @@ +# Proof of concept for DjVuLibre CVE-2025-53367 + +At this time, we are only sharing @antonio-morales's original +fuzzer-generated poc, so that people can quickly test whether they're +running a vulnerable version of DjVuLibre. This poc only causes the +DjVuLibre library to crash. We are delaying publication of our more +sophisticated poc, which is able to bypass ASLR and gain code +execution. + +[Fuzzer-generated poc file](./fuzzer-poc.djvu) + +## Links: + +* https://github.blog/security/vulnerability-research/cve-2025-53367-an-exploitable-out-of-bounds-write-in-djvulibre/ +* https://www.openwall.com/lists/oss-security/2025/07/03/1 +* https://securitylab.github.com/advisories/GHSL-2025-055_DjVuLibre/ \ No newline at end of file 
diff --git a/SecurityExploits/DjVuLibre/MMRDecoder_scanruns_CVE-2025-53367/fuzzer-poc.djvu b/SecurityExploits/DjVuLibre/MMRDecoder_scanruns_CVE-2025-53367/fuzzer-poc.djvu new file mode 100644 index 0000000000000000000000000000000000000000..e4b6b16a05666acc322cb364789eb2710b66d03b GIT binary patch literal 272 zcmZ?s5Aw}(O!Rf}3Jdl0bMt3lU{F~8|38q@*RTJtudi#brf;jKudi>duMbuiQIZy% zn_C1@=j$89z`&^Qhy;9**ySJqHBSh)d0}w#mZu3|wb#JJ-{n68lb#2}eGH5Y4F3P! zfDU&v3G(%GNc7bMaReOQLLx${d|f
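Review bot: The README hunk links the poc file but gives no reproduction steps, so a reader cannot tell whether they have actually triggered the bug: it should state which DjVuLibre tool or API entry point the file is to be fed to, and what a vulnerable build does with it beyond "crash" (the directory name points at MMRDecoder scanruns, so naming the crashing component and the expected failure signature, for example a sanitizer report, would let people distinguish a genuine hit from an unrelated error). It would also help to record the affected version range that the linked GHSL advisory covers, so "a vulnerable version of DjVuLibre" is concrete. Minor style points: the file ends without a trailing newline (`\ No newline at end of file`), and `## Links:` should drop the trailing colon to match the top-level heading.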
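Review bot: The binary hunk adds the poc with no integrity reference anywhere in the patch; since this file is the whole deliverable and the README presents it as a quick check for vulnerable installs, the README should record its size (272 bytes per the `literal 272` line) and a checksum (not present in the patch, to be computed by the author) next to the link, so consumers can confirm they hold the unmodified file before drawing conclusions from a crash or a non-crash. A one-line note on how the file was produced (the commit message says fuzzer-generated) and whether it is safe to open in an ordinary viewer would also be useful, given that a reader's first instinct will be to double-click it.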