Heap-Based Buffer Over-read in Artifex JBIG2Dec Affects Software Stability
CVE-2017-7885

7.1 HIGH

Key Information:

Vendor: Artifex
Status
Vendor
CVE Published: 17 April 2017

Summary

A vulnerability exists in Artifex jbig2dec 0.13 that allows for a heap-based buffer over-read, potentially resulting in a denial of service due to application crashes or the unintended disclosure of sensitive information from process memory. This issue arises from an integer overflow within the jbig2_decode_symbol_dict function located in jbig2_symbol_dict.c when handling specially crafted .jb2 files.

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
