CVE-2017-7976Integer Overflow or Wraparound in Jbig2dec

CWE-190Integer Overflow or Wraparound12 documents8 sources
Severity
7.1HIGHNVD
EPSS
0.3%
top 47.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Artifex Jbig2dec
Timeline
PublishedApr 19
Latest updateMay 17

Description

Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose function in jbig2_image.c during operations on a crafted .jb2 file, leading to a denial of service (application crash) or disclosure of sensitive information from process memory.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

Debianartifex/jbig2dec< 0.13-4.1+3

🔴Vulnerability Details

3
GHSA
GHSA-h247-9cp2-w26h: Artifex jbig2dec 02022-05-17
OSV
CVE-2017-7976: Artifex jbig2dec 02017-04-19
CVEList
CVE-2017-7976: Artifex jbig2dec 02017-04-19

📋Vendor Advisories

3
Ubuntu
jbig2dec vulnerabilities2017-05-24
Red Hat
jbig2dec: Integer overflow in the jbig2_image_compose_function2017-03-24
Debian
CVE-2017-7976: jbig2dec - Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of an intege...2017

💬Community

5
Bugzilla
CVE-2017-7885 CVE-2017-7975 CVE-2017-7976 mupdf: various flaws [fedora-all]2017-04-20
Bugzilla
CVE-2017-7885 CVE-2017-7975 CVE-2017-7976 ghostscript: various flaws [fedora-all]2017-04-20
Bugzilla
CVE-2017-7885 CVE-2017-7975 CVE-2017-7976 jbig2dec: various flaws [epel-all]2017-04-20
Bugzilla
CVE-2017-7976 jbig2dec: Integer overflow in the jbig2_image_compose_function2017-04-20
Bugzilla
CVE-2017-7885 CVE-2017-7975 CVE-2017-7976 jbig2dec: various flaws [fedora-all]2017-04-20
CVE-2017-7976 — Integer Overflow or Wraparound | cvebase