Home

CVE-2017-7976

Description

Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose function in jbig2_image.c during operations on a crafted .jb2 file, leading to a denial of service (application crash) or disclosure of sensitive information from process memory.

Risk Information

Base Score
7.1
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
EPSS Score
Exploitation Probability
0.292

Associated Vulnerability

VulnerabilityOS Platform
JBIG2 decoder library (USN-3297-1) jbig2dec_0.13-2ubuntu0.1_i386.debLinux
JBIG2 decoder library (USN-3297-1) jbig2dec_0.13-2ubuntu0.1_amd64.debLinux
JBIG2 decoder library (USN-3297-1) jbig2dec_0.13-4ubuntu0.1_i386.debLinux
JBIG2 decoder library (USN-3297-1) jbig2dec_0.13-4ubuntu0.1_amd64.debLinux
JBIG2 decoder library (USN-3297-1) jbig2dec_0.11+20120125-1ubuntu1.1_i386.debLinux
JBIG2 decoder library (USN-3297-1) jbig2dec_0.11+20120125-1ubuntu1.1_amd64.debLinux
JBIG2 decoder library (USN-3297-1) jbig2dec_0.12+20150918-1ubuntu0.1_i386.debLinux
JBIG2 decoder library (USN-3297-1) jbig2dec_0.12+20150918-1ubuntu0.1_amd64.debLinux
JBIG2 decoder library (USN-3297-1) libjbig2dec0_0.13-2ubuntu0.1_i386.debLinux
JBIG2 decoder library (USN-3297-1) libjbig2dec0_0.13-2ubuntu0.1_amd64.debLinux
JBIG2 decoder library (USN-3297-1) libjbig2dec0_0.13-4ubuntu0.1_i386.debLinux
JBIG2 decoder library (USN-3297-1) libjbig2dec0_0.13-4ubuntu0.1_amd64.debLinux
JBIG2 decoder library (USN-3297-1) libjbig2dec0_0.11+20120125-1ubuntu1.1_i386.debLinux
JBIG2 decoder library (USN-3297-1) libjbig2dec0_0.11+20120125-1ubuntu1.1_amd64.debLinux
JBIG2 decoder library (USN-3297-1) libjbig2dec0_0.12+20150918-1ubuntu0.1_i386.debLinux
JBIG2 decoder library (USN-3297-1) libjbig2dec0_0.12+20150918-1ubuntu0.1_amd64.debLinux
jbig2dec security update(DSA-3855-1) jbig2dec_0.13-4~deb8u2_i386.debLinux
jbig2dec security update(DSA-3855-1) jbig2dec_0.13-4~deb8u2_amd64.debLinux
jbig2dec security update(DSA-3855-1) jbig2dec_0.13-4~deb8u2_kfreebsd-i386.debLinux
jbig2dec security update(DSA-3855-1) jbig2dec_0.13-4~deb8u2_kfreebsd-amd64.debLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234