CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
Percentile
17.0%
Artifex Software jbig2dec v0.20 was discovered to contain a SEGV
vulnerability via jbig2_error at /jbig2dec/jbig2.c.
Author | Note |
---|---|
Priority reason: Just a denial of service in a command line tool | |
mdeslaur | null pointer dereference bug listed below contains similar issue as of 2023-11-01, there is no fix available from the jbig2dec developers |
ccdm94 | fix released on 2023-11-05. focal and earlier are not affected by this issue, as they do not include the changes from commit f9d37c7c, meaning, the uninitialized variable that causes the issue is not present in the code. |
mdeslaur | This is just an out-of-bounds read in a command-line tool resulting in a denial of service. |