Home

CVE-2017-7885

Description

Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in the jbig2_decode_symbol_dict function in jbig2_symbol_dict.c in libjbig2dec.a during operation on a crafted .jb2 file.

Risk Information

Base Score
7.1
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
EPSS Score
Exploitation Probability
0.287

Associated Vulnerability

VulnerabilityOS Platform
JBIG2 decoder library (USN-3297-1) jbig2dec_0.13-2ubuntu0.1_i386.debLinux
JBIG2 decoder library (USN-3297-1) jbig2dec_0.13-2ubuntu0.1_amd64.debLinux
JBIG2 decoder library (USN-3297-1) jbig2dec_0.13-4ubuntu0.1_i386.debLinux
JBIG2 decoder library (USN-3297-1) jbig2dec_0.13-4ubuntu0.1_amd64.debLinux
JBIG2 decoder library (USN-3297-1) jbig2dec_0.11+20120125-1ubuntu1.1_i386.debLinux
JBIG2 decoder library (USN-3297-1) jbig2dec_0.11+20120125-1ubuntu1.1_amd64.debLinux
JBIG2 decoder library (USN-3297-1) jbig2dec_0.12+20150918-1ubuntu0.1_i386.debLinux
JBIG2 decoder library (USN-3297-1) jbig2dec_0.12+20150918-1ubuntu0.1_amd64.debLinux
JBIG2 decoder library (USN-3297-1) libjbig2dec0_0.13-2ubuntu0.1_i386.debLinux
JBIG2 decoder library (USN-3297-1) libjbig2dec0_0.13-2ubuntu0.1_amd64.debLinux
JBIG2 decoder library (USN-3297-1) libjbig2dec0_0.13-4ubuntu0.1_i386.debLinux
JBIG2 decoder library (USN-3297-1) libjbig2dec0_0.13-4ubuntu0.1_amd64.debLinux
JBIG2 decoder library (USN-3297-1) libjbig2dec0_0.11+20120125-1ubuntu1.1_i386.debLinux
JBIG2 decoder library (USN-3297-1) libjbig2dec0_0.11+20120125-1ubuntu1.1_amd64.debLinux
JBIG2 decoder library (USN-3297-1) libjbig2dec0_0.12+20150918-1ubuntu0.1_i386.debLinux
JBIG2 decoder library (USN-3297-1) libjbig2dec0_0.12+20150918-1ubuntu0.1_amd64.debLinux
jbig2dec security update(DSA-3855-1) jbig2dec_0.13-4~deb8u2_i386.debLinux
jbig2dec security update(DSA-3855-1) jbig2dec_0.13-4~deb8u2_amd64.debLinux
jbig2dec security update(DSA-3855-1) jbig2dec_0.13-4~deb8u2_kfreebsd-i386.debLinux
jbig2dec security update(DSA-3855-1) jbig2dec_0.13-4~deb8u2_kfreebsd-amd64.debLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234