CVE-2017-7976

Name of the Vulnerable Software and Affected Versions Artifex jbig2dec version 0.13

Description The issue is caused by an integer overflow in the jbig2 image compose function in jbig2 image.c when processing a crafted .jb2 file. This can lead to out-of-bounds writes and reads, resulting in a denial of service (application crash) or disclosure of sensitive information from process memory.

Recommendations For Artifex jbig2dec version 0.13, consider applying a patch or fix to address the integer overflow in the jbig2 image compose function to prevent out-of-bounds writes and reads. As a temporary workaround, restrict the processing of untrusted .jb2 files to minimize the risk of exploitation.