PT-2017-18040 · Artifex+1 · Jbig2Dec+1

Icepng

Published

2017-04-19

Updated

2024-06-15

CVE-2017-7976

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Artifex jbig2dec version 0.13

Description The issue is caused by an integer overflow in the jbig2 image compose function in jbig2 image.c when processing a crafted .jb2 file. This can lead to out-of-bounds writes and reads, resulting in a denial of service (application crash) or disclosure of sensitive information from process memory.

Recommendations For Artifex jbig2dec version 0.13, consider applying a patch or fix to address the integer overflow in the jbig2 image compose function to prevent out-of-bounds writes and reads. As a temporary workaround, restrict the processing of untrusted .jb2 files to minimize the risk of exploitation.

Fix

DoS

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

CVE-2017-7976

DLA-942-1

DSA-3855-1

MGASA-2017-0206

OPENSUSE-SU-2024:11068-1

USN-3297-1

Affected Products

Ubuntu

Jbig2Dec

PT-2017-18040 · Artifex+1 · Jbig2Dec+1

CVE-2017-7976

Weakness Enumeration

Related Identifiers

Affected Products

References · 47