CVE-2017-7885Integer Overflow or Wraparound in Jbig2dec

CWE-190Integer Overflow or Wraparound13 documents8 sources
Severity
7.1HIGHNVD
EPSS
0.3%
top 47.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Artifex Jbig2dec
Timeline
PublishedApr 17
Latest updateMay 17

Description

Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in the jbig2_decode_symbol_dict function in jbig2_symbol_dict.c in libjbig2dec.a during operation on a crafted .jb2 file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

Debianartifex/jbig2dec< 0.13-4.1+3

🔴Vulnerability Details

4
GHSA
GHSA-9rxh-wvvf-hh9j: Artifex jbig2dec 02022-05-17
OSV
jbig2dec vulnerabilities2017-05-24
CVEList
CVE-2017-7885: Artifex jbig2dec 02017-04-17
OSV
CVE-2017-7885: Artifex jbig2dec 02017-04-17

📋Vendor Advisories

3
Ubuntu
jbig2dec vulnerabilities2017-05-24
Red Hat
jbig2dec: Integer overflow in jbig2_decode_symbol_dict2017-03-30
Debian
CVE-2017-7885: jbig2dec - Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of ser...2017

💬Community

5
Bugzilla
CVE-2017-7885 CVE-2017-7975 CVE-2017-7976 mupdf: various flaws [fedora-all]2017-04-20
Bugzilla
CVE-2017-7885 jbig2dec: Integer overflow in jbig2_decode_symbol_dict2017-04-20
Bugzilla
CVE-2017-7885 CVE-2017-7975 CVE-2017-7976 ghostscript: various flaws [fedora-all]2017-04-20
Bugzilla
CVE-2017-7885 CVE-2017-7975 CVE-2017-7976 jbig2dec: various flaws [epel-all]2017-04-20
Bugzilla
CVE-2017-7885 CVE-2017-7975 CVE-2017-7976 jbig2dec: various flaws [fedora-all]2017-04-20
CVE-2017-7885 — Integer Overflow or Wraparound | cvebase