CVE-2017-7975 — Integer Overflow or Wraparound in Jbig2dec

CWE-190 — Integer Overflow or Wraparound12 documents8 sources

Severity

7.8HIGHNVD

EPSS

0.3%

top 49.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Artifex Jbig2dec

Timeline

PublishedApr 19

Latest updateMay 17

Description

Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file, leading to a denial of service (application crash) or possibly execution of arbitrary code.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶Debianartifex/jbig2dec< 0.13-4.1+3

▶NVDartifex/jbig2dec0.13

🔴Vulnerability Details

GHSA

GHSA-8rh8-m25j-rhmp: Artifex jbig2dec 0↗2022-05-17

▶

OSV

CVE-2017-7975: Artifex jbig2dec 0↗2017-04-19

▶

CVEList

CVE-2017-7975: Artifex jbig2dec 0↗2017-04-19

▶

📋Vendor Advisories

Ubuntu

jbig2dec vulnerabilities↗2017-05-24

▶

Red Hat

jbig2dec: Integer overflow in jbig2_build_huffman_table allows OOB write↗2017-03-27

▶

Debian

CVE-2017-7975: jbig2dec - Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes becau...↗2017

▶

💬Community

Bugzilla

CVE-2017-7885 CVE-2017-7975 CVE-2017-7976 mupdf: various flaws [fedora-all]↗2017-04-20

▶

Bugzilla

CVE-2017-7975 jbig2dec: Integer overflow in jbig2_build_huffman_table allows OOB write↗2017-04-20

▶

Bugzilla

CVE-2017-7885 CVE-2017-7975 CVE-2017-7976 ghostscript: various flaws [fedora-all]↗2017-04-20

▶

Bugzilla

CVE-2017-7885 CVE-2017-7975 CVE-2017-7976 jbig2dec: various flaws [epel-all]↗2017-04-20

▶

Bugzilla

CVE-2017-7885 CVE-2017-7975 CVE-2017-7976 jbig2dec: various flaws [fedora-all]↗2017-04-20

▶