jbig2dec is vulnerable to denial of service (DoS). The vulnerability jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow.
CPE | Name | Operator | Version |
---|---|---|---|
jbig2dec | eq | 0.15-r0 | |
jbig2dec:3.10 | eq | 0.16-r0 | |
jbig2dec:edge | eq | 0.17-r0 | |
jbig2dec | eq | 0.15-r0 | |
jbig2dec:3.10 | eq | 0.16-r0 | |
jbig2dec:edge | eq | 0.17-r0 |
lists.opensuse.org/opensuse-security-announce/2020-05/msg00034.html
bugs.chromium.org/p/oss-fuzz/issues/detail?id=20332
github.com/ArtifexSoftware/jbig2dec/commit/0726320a4b55078e9d8deb590e477d598b3da66e
github.com/ArtifexSoftware/jbig2dec/compare/0.17...0.18
lists.debian.org/debian-lts-announce/2021/10/msg00023.html
secdb.alpinelinux.org/v3.10/main.yaml
secdb.alpinelinux.org/v3.12/main.yaml
secdb.alpinelinux.org/v3.9/main.yaml