Artifex Jbig2Dec vulnerabilities

8 known vulnerabilities affecting artifex/jbig2dec.

Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 4, MEDIUM 3

Vulnerabilities

CVE-2023-46361 | MEDIUM | CVSS 6.5 | v0.20 | 2023-10-31
CVE-2023-46361 [MEDIUM] CWE-400: Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulnerability via jbig2_error at /jbig2dec/jbig2.c.
Sources: nvd

CVE-2020-12268 | CRITICAL | CVSS 9.8 | fixed in 0.18 | 2020-04-27
CVE-2020-12268 [CRITICAL] CWE-787: jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow.
Sources: nvd, osv

CVE-2016-8729 | HIGH | CVSS 7.8 | ≥ 0, < 0.13-4 | 2018-04-24
CVE-2016-8729 [HIGH]: An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be passed to a memset resulting in memory corruption and potential code execution. An attacker can specially craft a PDF and send to the victim to trigger this vulnerability.
Sources: osv

CVE-2016-9601 | MEDIUM | CVSS 5.5 | ≤ 0.13 | 2018-04-24
CVE-2016-9601 [MEDIUM] CWE-190: ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted, jbig2 image could trigger a segmentation fault in ghostscript.
Sources: nvd, osv

CVE-2017-9216 | MEDIUM | CVSS 6.5 | v0.13 | 2017-05-24
CVE-2017-9216 [MEDIUM] CWE-476: libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file.
Sources: nvd, osv

CVE-2017-7975 | HIGH | CVSS 7.8 | v0.13 | 2017-04-19
CVE-2017-7975 [HIGH] CWE-190: Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file, leading to a denial of service (application crash) or possibly execution of arbitrary code.
Sources: nvd, osv

CVE-2017-7976 | HIGH | CVSS 7.1 | v0.13 | 2017-04-19
CVE-2017-7976 [HIGH] CWE-190: Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose function in jbig2_image.c during operations on a crafted .jb2 file, leading to a denial of service (application crash) or disclosure of sensitive information from process memory.
Sources: nvd, osv

CVE-2017-7885 | HIGH | CVSS 7.1 | v0.13 | 2017-04-17
CVE-2017-7885 [HIGH] CWE-190: Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in the jbig2_decode_symbol_dict function in jbig2_symbol_dict.c in libjbig2dec.a during operation on a crafted .jb2 file.
Sources: nvd, osv