Medium: jbigkit

2014-09-18T00:34:00
ID ALAS-2014-337
Type amazon
Reporter Amazon
Modified 2014-09-18T00:34:00

Description

Issue Overview:

Stack-based buffer overflow in the jbg_dec_in function in libjbig/jbig.c in JBIG-KIT before 2.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted image file.

Affected Packages:

jbigkit

Issue Correction:
Run yum update jbigkit to update your system.

New Packages:

i686:  
    jbigkit-debuginfo-2.0-11.4.amzn1.i686  
    jbigkit-libs-2.0-11.4.amzn1.i686  
    jbigkit-2.0-11.4.amzn1.i686  
    jbigkit-devel-2.0-11.4.amzn1.i686

src:  
    jbigkit-2.0-11.4.amzn1.src

x86_64:  
    jbigkit-2.0-11.4.amzn1.x86_64  
    jbigkit-devel-2.0-11.4.amzn1.x86_64  
    jbigkit-debuginfo-2.0-11.4.amzn1.x86_64  
    jbigkit-libs-2.0-11.4.amzn1.x86_64