CVE-2017-7976

Description

Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose function in jbig2_image.c during operations on a crafted .jb2 file, leading to a denial of service (application crash) or disclosure of sensitive information from process memory.

References

http://www.debian.org/security/2017/dsa-3855

https://bugs.ghostscript.com/show_bug.cgi?id=697683

https://security.gentoo.org/glsa/201708-10

Details

Source: MITRE

Published: 2017-04-19

Updated: 2017-11-04

Type: CWE-190

Risk Information

CVSS v2

Base Score: 5.8

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

Impact Score: 4.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Impact Score: 5.2

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:artifex:jbig2dec:0.13:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 153342 | EulerOS 2.0 SP2 : ghostscript (EulerOS-SA-2021-2372) | Nessus | Huawei Local Security Checks | high |
| 149171 | EulerOS 2.0 SP3 : ghostscript (EulerOS-SA-2021-1788) | Nessus | Huawei Local Security Checks | high |
| 135661 | EulerOS Virtualization 3.0.2.2 : ghostscript (EulerOS-SA-2020-1499) | Nessus | Huawei Local Security Checks | critical |
| 134529 | EulerOS Virtualization for ARM 64 3.0.2.0 : ghostscript (EulerOS-SA-2020-1240) | Nessus | Huawei Local Security Checks | critical |
| 131802 | EulerOS 2.0 SP5 : ghostscript (EulerOS-SA-2019-2528) | Nessus | Huawei Local Security Checks | high |
| 104766 | openSUSE Security Update : mupdf (openSUSE-2017-1300) | Nessus | SuSE Local Security Checks | high |
| 102799 | GLSA-201708-10 : jbig2dec: User-assisted execution of arbitrary code | Nessus | Gentoo Local Security Checks | high |
| 100413 | Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : jbig2dec vulnerabilities (USN-3297-1) | Nessus | Ubuntu Local Security Checks | high |
| 100277 | Debian DSA-3855-1 : jbig2dec - security update | Nessus | Debian Local Security Checks | high |
| 100177 | Debian DLA-942-1 : jbig2dec security update | Nessus | Debian Local Security Checks | high |