CVE-2025-53367: An exploitable out-of-bounds write in DjVuLibre

GitHub Security Lab disclosed CVE-2025-53367: an out-of-bounds write in DjVuLibre's MMRDecoder::scanruns that can be triggered by a crafted DjVu document and lead to code execution when opened by Linux document viewers (e.g., Evince/Papers). The report describes the faulty pointer handling between lineruns and prevruns, includes code excerpts, and references a proof-of-concept exploit demonstrating execution on Ubuntu 25.04; a fix was released quickly after reporting.