CVE-2019-18804 (https://nvd.nist.gov/vuln/detail/CVE-2019-18804): DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp.
Downgraded to B3, looks like a DoS-only vulnerability. GLSA Vote: No! Repository is clean, all done.