Home

CVE-2017-7975

Description

Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file, leading to a denial of service (application crash) or possibly execution of arbitrary code.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.267

Associated Vulnerability

VulnerabilityOS Platform
JBIG2 decoder library (USN-3297-1) jbig2dec_0.13-2ubuntu0.1_i386.debLinux
JBIG2 decoder library (USN-3297-1) jbig2dec_0.13-2ubuntu0.1_amd64.debLinux
JBIG2 decoder library (USN-3297-1) jbig2dec_0.13-4ubuntu0.1_i386.debLinux
JBIG2 decoder library (USN-3297-1) jbig2dec_0.13-4ubuntu0.1_amd64.debLinux
JBIG2 decoder library (USN-3297-1) jbig2dec_0.11+20120125-1ubuntu1.1_i386.debLinux
JBIG2 decoder library (USN-3297-1) jbig2dec_0.11+20120125-1ubuntu1.1_amd64.debLinux
JBIG2 decoder library (USN-3297-1) jbig2dec_0.12+20150918-1ubuntu0.1_i386.debLinux
JBIG2 decoder library (USN-3297-1) jbig2dec_0.12+20150918-1ubuntu0.1_amd64.debLinux
JBIG2 decoder library (USN-3297-1) libjbig2dec0_0.13-2ubuntu0.1_i386.debLinux
JBIG2 decoder library (USN-3297-1) libjbig2dec0_0.13-2ubuntu0.1_amd64.debLinux
JBIG2 decoder library (USN-3297-1) libjbig2dec0_0.13-4ubuntu0.1_i386.debLinux
JBIG2 decoder library (USN-3297-1) libjbig2dec0_0.13-4ubuntu0.1_amd64.debLinux
JBIG2 decoder library (USN-3297-1) libjbig2dec0_0.11+20120125-1ubuntu1.1_i386.debLinux
JBIG2 decoder library (USN-3297-1) libjbig2dec0_0.11+20120125-1ubuntu1.1_amd64.debLinux
JBIG2 decoder library (USN-3297-1) libjbig2dec0_0.12+20150918-1ubuntu0.1_i386.debLinux
JBIG2 decoder library (USN-3297-1) libjbig2dec0_0.12+20150918-1ubuntu0.1_amd64.debLinux
jbig2dec security update(DSA-3855-1) jbig2dec_0.13-4~deb8u2_i386.debLinux
jbig2dec security update(DSA-3855-1) jbig2dec_0.13-4~deb8u2_amd64.debLinux
jbig2dec security update(DSA-3855-1) jbig2dec_0.13-4~deb8u2_kfreebsd-i386.debLinux
jbig2dec security update(DSA-3855-1) jbig2dec_0.13-4~deb8u2_kfreebsd-amd64.debLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234