CVE-2017-7885

Name of the Vulnerable Software and Affected Versions Artifex jbig2dec version 0.13

Description The issue is related to a heap-based buffer over-read that can cause a denial of service, resulting in an application crash, or potentially disclose sensitive information from process memory. This occurs due to an integer overflow in the jbig2 decode symbol dict function, located in jbig2 symbol dict.c within libjbig2dec.a, when the software operates on a crafted .jb2 file.

Recommendations For Artifex jbig2dec version 0.13, consider avoiding the use of crafted .jb2 files until a patch is available. As a temporary workaround, restrict the processing of .jb2 files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.