ID CVE-2017-7885
Summary Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in the jbig2_decode_symbol_dict function in jbig2_symbol_dict.c in libjbig2dec.a during operation on a crafted .jb2 file.
References
Vulnerable Configurations
  • cpe:2.3:a:artifex:jbig2dec:0.13
    cpe:2.3:a:artifex:jbig2dec:0.13
CVSS
Base: 5.8 (as of 24-04-2017 - 11:44)
Impact:
Exploitability:
CWE CWE-190
CAPEC
  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE PARTIAL
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-58170ECB09.NASL
    description Security fix for CVE-2017-7885 CVE-2017-7975 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-01
    plugin id 100310
    published 2017-05-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100310
    title Fedora 25 : jbig2dec (2017-58170ecb09)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3297-1.NASL
    description Bingchang Liu discovered that jbig2dec incorrectly handled memory when decoding malformed image files. If a user or automated system were tricked into processing a specially crafted JBIG2 image file, a remote attacker could cause jbig2dec to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9601) It was discovered that jbig2dec incorrectly handled memory when decoding malformed image files. If a user or automated system were tricked into processing a specially crafted JBIG2 image file, a remote attacker could cause jbig2dec to crash, resulting in a denial of service, or possibly disclose sensitive information. (CVE-2017-7885) Jiaqi Peng discovered that jbig2dec incorrectly handled memory when decoding malformed image files. If a user or automated system were tricked into processing a specially crafted JBIG2 image file, a remote attacker could cause jbig2dec to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-7975) Dai Ge discovered that jbig2dec incorrectly handled memory when decoding malformed image files. If a user or automated system were tricked into processing a specially crafted JBIG2 image file, a remote attacker could cause jbig2dec to crash, resulting in a denial of service, or possibly disclose sensitive information. (CVE-2017-7976). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 100413
    published 2017-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100413
    title Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : jbig2dec vulnerabilities (USN-3297-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-5135C91B36.NASL
    description Fix for CVE-2016-8728 CVE-2016-8729 ---- Rebuild with new jbig2dec Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-09-05
    plugin id 100488
    published 2017-05-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100488
    title Fedora 25 : mupdf (2017-5135c91b36)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201708-10.NASL
    description The remote host is affected by the vulnerability described in GLSA-201708-10 (jbig2dec: User-assisted execution of arbitrary code) Integer overflow errors have been discovered in the jbig2_decode_symbol_dict, jbig2_build_huffman_table, and jbig2_image_compose functions of jbig2dec. Impact : A remote attacker, by enticing a user to open a specially crafted JBIG2 file using an application linked against jbig2dec, could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 102799
    published 2017-08-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102799
    title GLSA-201708-10 : jbig2dec: User-assisted execution of arbitrary code
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3855.NASL
    description Multiple security issues have been found in the JBIG2 decoder library, which may lead to denial of service, disclosure of sensitive information from process memory or the execution of arbitrary code if a malformed image file (usually embedded in a PDF document) is opened.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 100277
    published 2017-05-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100277
    title Debian DSA-3855-1 : jbig2dec - security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-B7234D284E.NASL
    description Prevent segserv due to int overflow (#1443898) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-02
    plugin id 101707
    published 2017-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101707
    title Fedora 26 : jbig2dec (2017-b7234d284e)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-D80262B43F.NASL
    description Rebuild with new jbig2dec(#1443933) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-02
    plugin id 101730
    published 2017-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101730
    title Fedora 26 : mupdf (2017-d80262b43f)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-FAE1506F94.NASL
    description Security fixes release for these CVEs : - [CVE-2016-10217](https://access.redhat.com/security/cve/ CVE-2016-10217) *(use-after-free and application crash)* - [CVE-2016-10218](https://access.redhat.com/security/cve/ CVE-2016-10218) *(NULL pointer dereference and application crash)* - [CVE-2016-10219](https://access.redhat.com/security/cve/ CVE-2016-10219) *(divide-by-zero error and application crash)* - [CVE-2016-10220](https://access.redhat.com/security/cve/ CVE-2016-10220) *(NULL pointer dereference and application crash)* - [CVE-2017-5951](https://access.redhat.com/security/cve/C VE-2017-5951) *(NULL pointer dereference and application crash)* - [CVE-2017-7975](https://access.redhat.com/security/cve/C VE-2017-7975) *(application crash or possible execution of arbitrary code)* - [CVE-2017-8291](https://access.redhat.com/security/cve/C VE-2017-8291) *( -dSAFER bypass and remote command execution)* Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 100201
    published 2017-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100201
    title Fedora 24 : ghostscript (2017-fae1506f94)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-942.NASL
    description CVE-2017-7885 Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in the jbig2_decode_symbol_dict function in jbig2_symbol_dict.c in libjbig2dec.a during operation on a crafted .jb2 file. CVE-2017-7975 Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file, leading to a denial of service (application crash) or possibly execution of arbitrary code. CVE-2017-7976 Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose function in jbig2_image.c during operations on a crafted .jb2 file, leading to a denial of service (application crash) or disclosure of sensitive information from process memory. For Debian 7 'Wheezy', these problems have been fixed in version 0.13-4~deb7u2. We recommend that you upgrade your jbig2dec packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-10
    plugin id 100177
    published 2017-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100177
    title Debian DLA-942-1 : jbig2dec security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-A606D224A5.NASL
    description Security fixes release for these CVEs : - [CVE-2016-10217](https://access.redhat.com/security/cve/ CVE-2016-10217) *(use-after-free and application crash)* - [CVE-2016-10218](https://access.redhat.com/security/cve/ CVE-2016-10218) *(NULL pointer dereference and application crash)* - [CVE-2016-10219](https://access.redhat.com/security/cve/ CVE-2016-10219) *(divide-by-zero error and application crash)* - [CVE-2016-10220](https://access.redhat.com/security/cve/ CVE-2016-10220) *(NULL pointer dereference and application crash)* - [CVE-2017-5951](https://access.redhat.com/security/cve/C VE-2017-5951) *(NULL pointer dereference and application crash)* - [CVE-2017-7975](https://access.redhat.com/security/cve/C VE-2017-7975) *(application crash or possible execution of arbitrary code)* - [CVE-2017-8291](https://access.redhat.com/security/cve/C VE-2017-8291) *( -dSAFER bypass and remote command execution)* Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 101695
    published 2017-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101695
    title Fedora 26 : ghostscript (2017-a606d224a5)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-C85C0E5637.NASL
    description Security fixes release for these CVEs : - [CVE-2016-10217](https://access.redhat.com/security/cve/ CVE-2016-10217) *(use-after-free and application crash)* - [CVE-2016-10218](https://access.redhat.com/security/cve/ CVE-2016-10218) *(NULL pointer dereference and application crash)* - [CVE-2016-10219](https://access.redhat.com/security/cve/ CVE-2016-10219) *(divide-by-zero error and application crash)* - [CVE-2016-10220](https://access.redhat.com/security/cve/ CVE-2016-10220) *(NULL pointer dereference and application crash)* - [CVE-2017-5951](https://access.redhat.com/security/cve/C VE-2017-5951) *(NULL pointer dereference and application crash)* - [CVE-2017-7975](https://access.redhat.com/security/cve/C VE-2017-7975) *(application crash or possible execution of arbitrary code)* - [CVE-2017-8291](https://access.redhat.com/security/cve/C VE-2017-8291) *( -dSAFER bypass and remote command execution)* Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 100013
    published 2017-05-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100013
    title Fedora 25 : ghostscript (2017-c85c0e5637)
refmap via4
debian DSA-3855
gentoo GLSA-201708-10
misc https://bugs.ghostscript.com/show_bug.cgi?id=697703
Last major update 24-04-2017 - 20:42
Published 16-04-2017 - 20:59
Last modified 03-11-2017 - 21:29
Back to Top