CVE-2017-9216

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file.

References

http://www.securityfocus.com/bid/98680

https://bugs.ghostscript.com/show_bug.cgi?id=697934

Details

Source: MITRE

Published: 2017-05-24

Updated: 2017-06-06

Type: CWE-476

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:artifex:jbig2dec:0.13:*:*:*:*:gpl_ghostscript:*:*

cpe:2.3:a:artifex:jbig2dec:0.13:*:*:*:*:mupdf:*:*

Tenable Plugins

View all (15 total)

IDNameProductFamilySeverity
153342EulerOS 2.0 SP2 : ghostscript (EulerOS-SA-2021-2372)NessusHuawei Local Security Checks
high
135661EulerOS Virtualization 3.0.2.2 : ghostscript (EulerOS-SA-2020-1499)NessusHuawei Local Security Checks
critical
134529EulerOS Virtualization for ARM 64 3.0.2.0 : ghostscript (EulerOS-SA-2020-1240)NessusHuawei Local Security Checks
critical
132121EulerOS 2.0 SP3 : ghostscript (EulerOS-SA-2019-2586)NessusHuawei Local Security Checks
high
131802EulerOS 2.0 SP5 : ghostscript (EulerOS-SA-2019-2528)NessusHuawei Local Security Checks
high
109572SUSE SLES11 Security Update : ghostscript-library (SUSE-SU-2018:1140-1)NessusSuSE Local Security Checks
high
106745SUSE SLED12 / SLES12 Security Update : ghostscript (SUSE-SU-2018:0407-1)NessusSuSE Local Security Checks
high
106744openSUSE Security Update : ghostscript (openSUSE-2018-157)NessusSuSE Local Security Checks
high
105974Fedora 27 : ghostscript / poppler-data (2017-c9b0c406b3)NessusFedora Local Security Checks
high
105942Fedora 27 : mupdf (2017-a1ad512b22)NessusFedora Local Security Checks
high
105844Fedora 27 : jbig2dec (2017-2e5119be33)NessusFedora Local Security Checks
medium
105132Fedora 25 : mupdf (2017-9ae6e39bde)NessusFedora Local Security Checks
high
104976Fedora 26 : mupdf (2017-267f37c544)NessusFedora Local Security Checks
high
104832Fedora 25 : jbig2dec (2017-ed565f9ed0)NessusFedora Local Security Checks
medium
104725Fedora 26 : jbig2dec (2017-13f0fd3028)NessusFedora Local Security Checks
medium