Out-of-Bounds Write Vulnerability in Artifex jbig2dec Product
CVE-2017-7976

7.1HIGH

Key Information:

Vendor

Artifex
Status
Jbig2dec
Vendor
CVE Published:
19 April 2017

What is CVE-2017-7976?

Artifex jbig2dec version 0.13 is susceptible to an out-of-bounds vulnerability during the processing of crafted .jb2 files. An integer overflow in the jbig2_image_compose function within jbig2_image.c can be exploited, potentially leading to a denial of service through application crashes or enabling the disclosure of sensitive information from the process memory.

References

https://bugs.ghostscript.com/show_bug.cgi?id=697683
x_refsource_MISC
http://www.debian.org/security/2017/dsa-3855
vendor-advisoryx_refsource_DEBIAN
https://security.gentoo.org/glsa/201708-10
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2017-7976 : Out-of-Bounds Write Vulnerability in Artifex jbig2dec Product