CVE-2017-9216: NULL Pointer Dereference in Jbig2dec

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.9% (top 24.41%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 24; Latest update May 13

Description

libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (3 packages)

Debian: artifex/jbig2dec < 0.13-5+3
Ubuntu: artifex/jbig2dec < 0.12+20150918-1ubuntu0.1+esm2

Also affects: Debian Linux 9.0

Patches

🔴 Vulnerability Details (4)

GHSA: GHSA-654p-55pp-9qjq: libjbig2dec (2022-05-13)
OSV: jbig2dec vulnerabilities (2022-05-05)
CVEList: CVE-2017-9216: libjbig2dec (2017-05-24)
OSV: CVE-2017-9216: libjbig2dec (2017-05-24)

📋 Vendor Advisories (3)

Ubuntu: jbig2dec vulnerabilities (2022-05-05)
Red Hat: jbig2dec: Null pointer dereference in jbig2_huffman_get() (2017-05-23)
Debian: CVE-2017-9216: jbig2dec - libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a ... (2017)

💬 Community (5)

Bugzilla: CVE-2017-9216 jbig2dec: Null pointer dereference in jbig2_huffman_get() (2017-05-30)
Bugzilla: CVE-2017-9216 jbig2dec: Null pointer dereference in jbig2_huffman_get() [epel-all] (2017-05-30)
Bugzilla: CVE-2017-9216 ghostscript: jbig2dec: Null pointer dereference in jbig2_huffman_get() [fedora-all] (2017-05-30)
Bugzilla: CVE-2017-9216 jbig2dec: Null pointer dereference in jbig2_huffman_get() [fedora-all] (2017-05-30)
Bugzilla: CVE-2017-9216 mupdf: jbig2dec: Null pointer dereference in jbig2_huffman_get() [fedora-all] (2017-05-30)