DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDroid, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DjVu (aka .djv) file.Referenceshttp://www.debian.org/security/2014/dsa-2844http://www.ubuntu.com/usn/USN-2056-1http://technet.microsoft.com/security/msvr/msvr13-004
