DebianDEBIAN:DLA-942-1:1D130[SECURITY] [DLA 942-1] jbig2dec security update
7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
0.001 Low
EPSS
Percentile
46.2%
Package : jbig2dec
Version : 0.13-4~deb7u2
CVE ID : CVE-2017-7885 CVE-2017-7975 CVE-2017-7976
CVE-2017-7885
Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to
denial of service (application crash) or disclosure of sensitive
information from process memory, because of an integer overflow
in the jbig2_decode_symbol_dict function in jbig2_symbol_dict.c
in libjbig2dec.a during operation on a crafted .jb2 file.
CVE-2017-7975
Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds
writes because of an integer overflow in the jbig2_build_huffman_table
function in jbig2_huffman.c during operations on a crafted JBIG2 file,
leading to a denial of service (application crash) or possibly
execution of arbitrary code.
CVE-2017-7976
Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because
of an integer overflow in the jbig2_image_compose function in
jbig2_image.c during operations on a crafted .jb2 file, leading
to a denial of service (application crash) or disclosure of
sensitive information from process memory.
For Debian 7 "Wheezy", these problems have been fixed in version
0.13-4~deb7u2.
We recommend that you upgrade your jbig2dec packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 8 | armhf | jbig2dec | < 0.13-4~deb8u2 | jbig2dec_0.13-4~deb8u2_armhf.deb |
| Debian | 8 | kfreebsd-i386 | jbig2dec | < 0.13-4~deb8u2 | jbig2dec_0.13-4~deb8u2_kfreebsd-i386.deb |
| Debian | 8 | kfreebsd-i386 | libjbig2dec0 | < 0.13-4~deb8u2 | libjbig2dec0_0.13-4~deb8u2_kfreebsd-i386.deb |
| Debian | 7 | amd64 | libjbig2dec0 | < 0.13-4~deb7u2 | libjbig2dec0_0.13-4~deb7u2_amd64.deb |
| Debian | 8 | armhf | libjbig2dec0-dev | < 0.13-4~deb8u2 | libjbig2dec0-dev_0.13-4~deb8u2_armhf.deb |
| Debian | 8 | kfreebsd-i386 | libjbig2dec0-dev | < 0.13-4~deb8u2 | libjbig2dec0-dev_0.13-4~deb8u2_kfreebsd-i386.deb |
| Debian | 8 | s390x | jbig2dec | < 0.13-4~deb8u2 | jbig2dec_0.13-4~deb8u2_s390x.deb |
| Debian | 8 | amd64 | libjbig2dec0 | < 0.13-4~deb8u2 | libjbig2dec0_0.13-4~deb8u2_amd64.deb |
| Debian | 7 | i386 | jbig2dec | < 0.13-4~deb7u2 | jbig2dec_0.13-4~deb7u2_i386.deb |
| Debian | 8 | mips | libjbig2dec0-dev | < 0.13-4~deb8u2 | libjbig2dec0-dev_0.13-4~deb8u2_mips.deb |
Related
7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
0.001 Low
EPSS
Percentile
46.2%