CVE-2017-7885

high

Description

Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in the jbig2_decode_symbol_dict function in jbig2_symbol_dict.c in libjbig2dec.a during operation on a crafted .jb2 file.

References

http://www.debian.org/security/2017/dsa-3855

https://bugs.ghostscript.com/show_bug.cgi?id=697703

https://security.gentoo.org/glsa/201708-10

Details

Source: MITRE

Published: 2017-04-17

Updated: 2017-11-04

Type: CWE-190

Risk Information

CVSS v2

Base Score: 5.8

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

Impact Score: 4.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Impact Score: 5.2

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:artifex:jbig2dec:0.13:*:*:*:*:*:*:*

Tenable Plugins

ID | Name | Product | Family | Severity
135661 | EulerOS Virtualization 3.0.2.2 : ghostscript (EulerOS-SA-2020-1499) | Nessus | Huawei Local Security Checks | critical
134529 | EulerOS Virtualization for ARM 64 3.0.2.0 : ghostscript (EulerOS-SA-2020-1240) | Nessus | Huawei Local Security Checks | critical
132121 | EulerOS 2.0 SP3 : ghostscript (EulerOS-SA-2019-2586) | Nessus | Huawei Local Security Checks | high
131862 | EulerOS 2.0 SP2 : ghostscript (EulerOS-SA-2019-2370) | Nessus | Huawei Local Security Checks | high
131802 | EulerOS 2.0 SP5 : ghostscript (EulerOS-SA-2019-2528) | Nessus | Huawei Local Security Checks | high
102799 | GLSA-201708-10 : jbig2dec: User-assisted execution of arbitrary code | Nessus | Gentoo Local Security Checks | high
101730 | Fedora 26 : mupdf (2017-d80262b43f) | Nessus | Fedora Local Security Checks | high
101707 | Fedora 26 : jbig2dec (2017-b7234d284e) | Nessus | Fedora Local Security Checks | high
101695 | Fedora 26 : ghostscript (2017-a606d224a5) | Nessus | Fedora Local Security Checks | high
100488 | Fedora 25 : mupdf (2017-5135c91b36) | Nessus | Fedora Local Security Checks | high
100413 | Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : jbig2dec vulnerabilities (USN-3297-1) | Nessus | Ubuntu Local Security Checks | high
100310 | Fedora 25 : jbig2dec (2017-58170ecb09) | Nessus | Fedora Local Security Checks | high
100277 | Debian DSA-3855-1 : jbig2dec - security update | Nessus | Debian Local Security Checks | high
100201 | Fedora 24 : ghostscript (2017-fae1506f94) | Nessus | Fedora Local Security Checks | high
100177 | Debian DLA-942-1 : jbig2dec security update | Nessus | Debian Local Security Checks | high
100013 | Fedora 25 : ghostscript (2017-c85c0e5637) | Nessus | Fedora Local Security Checks | high