Lucene search

K
ubuntucveUbuntu.comUB:CVE-2017-7885
HistoryApr 16, 2017 - 12:00 a.m.

CVE-2017-7885

2017-04-1600:00:00
ubuntu.com
ubuntu.com
6

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

0.001 Low

EPSS

Percentile

45.7%

Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial
of service (application crash) or disclosure of sensitive information from
process memory, because of an integer overflow in the
jbig2_decode_symbol_dict function in jbig2_symbol_dict.c in libjbig2dec.a
during operation on a crafted .jb2 file.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchjbig2dec< 0.11+20120125-1ubuntu1.1UNKNOWN
ubuntu16.04noarchjbig2dec< 0.12+20150918-1ubuntu0.1UNKNOWN
ubuntu16.10noarchjbig2dec< 0.13-2ubuntu0.1UNKNOWN
ubuntu17.04noarchjbig2dec< 0.13-4ubuntu0.1UNKNOWN

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

0.001 Low

EPSS

Percentile

45.7%