CVE-2017-9216
Published 2017-05-24
CVE-2017-9216: libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c…
Priority: P428 medium | CVSS 3.1: 6.5
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS: 3.45% (87.6th percentile)
libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artifex | jbig2dec | — | — |
| artifex | jbig2dec | >= 0 < 0.13-5 | 0.13-5 |
| artifex | jbig2dec | >= 0 < 0.13-5 | 0.13-5 |
| artifex | jbig2dec | >= 0 < 0.13-5 | 0.13-5 |
| artifex | jbig2dec | >= 0 < 0.13-5 | 0.13-5 |
| artifex | jbig2dec | >= 0 < 0.12+20150918-1ubuntu0.1+esm2 | 0.12+20150918-1ubuntu0.1+esm2 |
| debian | debian_linux | — | — |
| debian | jbig2dec | < jbig2dec 0.13-5 (bookworm) | jbig2dec 0.13-5 (bookworm) |
CVSS provenance
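| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | — | 6.5 | MEDIUM | — |
| vendor_debian | — | 6.5 | MEDIUM | — |
| vendor_redhat | — | 6.5 | MEDIUM | — |
| vendor_ubuntu | — | 6.5 | MEDIUM | — |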
Ubuntu
jbig2dec vulnerabilities
vendor_ubuntu·2022-05-05·CVSS 6.5
CVE-2017-9216 [MEDIUM] jbig2dec vulnerabilities
Title: jbig2dec vulnerabilities
Summary: Several security issues were fixed in jbig2dec.
It was discovered that jbig2dec incorrectly handled memory when parsing
invalid files. An attacker could use this issue to cause jbig2dec to crash,
leading to a denial of service. (CVE-2017-9216)
It was discovered that jbig2dec incorrectly handled memory when processing
untrusted input. An attacker could use this issue to cause a denial of service,
or possibly execute arbitrary code. (CVE-2020-12268)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
jbig2dec: Null pointer dereference in jbig2_huffman_get()
vendor_redhat·2017-05-23·CVSS 6.5
CVE-2017-9216 [MEDIUM] CWE-391 jbig2dec: Null pointer dereference in jbig2_huffman_get()
libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file.
Package: ghostscript (Red Hat Enterprise Linux 5) - Will not fix
Package: ghostscript (Red Hat Enterprise Linux 6) - Will not fix
Package: ghostscript (Red Hat Enterprise Linux 7) - Will not fix
Package: ghostscript (Red Hat OpenShift Enterprise 2) - Will not fix
Debian
CVE-2017-9216: jbig2dec - libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a ...
vendor_debian·2017·CVSS 6.5
CVE-2017-9216 [MEDIUM] CVE-2017-9216: jbig2dec - libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a ...
libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file.
Scope: local
bookworm: resolved (fixed in 0.13-5)
bullseye: resolved (fixed in 0.13-5)
forky: resolved (fixed in 0.13-5)
sid: resolved (fixed in 0.13-5)
trixie: resolved (fixed in 0.13-5)
GHSA
GHSA-654p-55pp-9qjq: libjbig2dec
ghsa_unreviewed·2022-05-13
CVE-2017-9216 [MEDIUM] CWE-476 GHSA-654p-55pp-9qjq: libjbig2dec
libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file.
OSV
jbig2dec vulnerabilities
osv·2022-05-05·CVSS 6.5
CVE-2017-9216 [MEDIUM] jbig2dec vulnerabilities
It was discovered that jbig2dec incorrectly handled memory when parsing
invalid files. An attacker could use this issue to cause jbig2dec to crash,
leading to a denial of service. (CVE-2017-9216)
It was discovered that jbig2dec incorrectly handled memory when processing
untrusted input. An attacker could use this issue to cause a denial of service,
or possibly execute arbitrary code. (CVE-2020-12268)
OSV
CVE-2017-9216: libjbig2dec
osv·2017-05-24·CVSS 6.5
CVE-2017-9216 [MEDIUM] CVE-2017-9216: libjbig2dec
libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-9216 jbig2dec: Null pointer dereference in jbig2_huffman_get()
bugzilla·2017-05-30·CVSS 6.5
CVE-2017-9216 [MEDIUM] CVE-2017-9216 jbig2dec: Null pointer dereference in jbig2_huffman_get()
libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file.
Upstream bug:
https://bugs.ghostscript.com/show_bug.cgi?id=697934
Upstream patch:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3ebffb1d96ba0cacec23016eccb4047dab365853
Discussion:
Created ghostscript tracking bugs for this issue:
Affects: fedora-all [bug 1456729]
Created jbig2dec tracking bugs for this issue:
Affects: epel-all [bug 1456732]
Affects: fedora-all [bug 1456730]
Created mupdf tracking bugs for this issue:
Affects: fedora-all [bug 1456
Bugzilla
CVE-2017-9216 jbig2dec: Null pointer dereference in jbig2_huffman_get() [epel-all]
bugzilla·2017-05-30·CVSS 6.5
CVE-2017-9216 [MEDIUM] CVE-2017-9216 jbig2dec: Null pointer dereference in jbig2_huffman_get() [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versi
Bugzilla
CVE-2017-9216 ghostscript: jbig2dec: Null pointer dereference in jbig2_huffman_get() [fedora-all]
bugzilla·2017-05-30·CVSS 6.5
CVE-2017-9216 [MEDIUM] CVE-2017-9216 ghostscript: jbig2dec: Null pointer dereference in jbig2_huffman_get() [fedora-all]
Bugzilla
CVE-2017-9216 jbig2dec: Null pointer dereference in jbig2_huffman_get() [fedora-all]
bugzilla·2017-05-30·CVSS 6.5
CVE-2017-9216 [MEDIUM] CVE-2017-9216 jbig2dec: Null pointer dereference in jbig2_huffman_get() [fedora-all]
Bugzilla
CVE-2017-9216 mupdf: jbig2dec: Null pointer dereference in jbig2_huffman_get() [fedora-all]
bugzilla·2017-05-30·CVSS 6.5
CVE-2017-9216 [MEDIUM] CVE-2017-9216 mupdf: jbig2dec: Null pointer dereference in jbig2_huffman_get() [fedora-all]
http://www.securityfocus.com/bid/98680
https://bugs.ghostscript.com/show_bug.cgi?id=697934
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=3ebffb1d96ba0cacec23016eccb4047dab365853
https://lists.debian.org/debian-lts-announce/2021/10/msg00023.html