MGASA-2017-0206

Source
https://advisories.mageia.org/MGASA-2017-0206.html
Import Source
https://advisories.mageia.org/MGASA-2017-0206.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2017-0206
Related
Published
2017-07-13T09:10:46Z
Modified
2017-07-13T08:47:03Z
Summary
Updated jbig2dec packages fix security vulnerability
Details

Multiple security issues have been found in the JBIG2 decoder library, which may lead to denial of service or the execution of arbitrary code if a malformed image file (usually embedded in a PDF document) is opened (CVE-2016-9601).

Artifex jbig2dec has a heap-based buffer over-read leading to denial of service (application crash) because of an integer overflow in the jbig2_decode_symbol_dict function in jbig2_symbol_dict.c in libjbig2dec.a during operation on a crafted .jb2 file (CVE-2017-7885).

Artifex jbig2dec allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file, leading to a denial of service (application crash) or possibly execution of arbitrary code (CVE-2017-7975).

Artifex jbig2dec allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose function in jbig2_image.c during operations on a crafted .jb2 file, leading to a denial of service (application crash) (CVE-2017-7976).

References
Credits

Affected packages