CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2020-12268 – jbig2dec: heap-based buffer overflow in jbig2_image_compose in jbig2_image.c
https://notcve.org/view.php?id=CVE-2020-12268
27 Apr 2020 — jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow. La función jbig2_image_compose en el archivo jbig2_image.c en Artifex jbig2dec versiones anteriores a la versión 0.18, tiene un desbordamiento de búfer en la región heap de la memoria. An integer overflow was found in jbig2dec, which causes an out-of-bounds read/write in the jbig2_image_compose function. This flaw could potentially result in the execution of code on the system. Applications that use jbig2d... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00034.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2017-9216 – Ubuntu Security Notice USN-5405-1
https://notcve.org/view.php?id=CVE-2017-9216
24 May 2017 — libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file. El archivo libjbig2dec.a en Artifex jbig2dec versión 0.13, tal como es usado en MuPDF y Ghostscript, presenta una desreferencia de un puntero NULL en la función jbig2_huffman_get en el archivo jbig2_huffman.c. Por ejemplo, la utilidad jbig2dec se bloqueará ... • http://www.securityfocus.com/bid/98680 • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7976 – Gentoo Linux Security Advisory 201708-10
https://notcve.org/view.php?id=CVE-2017-7976
19 Apr 2017 — Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose function in jbig2_image.c during operations on a crafted .jb2 file, leading to a denial of service (application crash) or disclosure of sensitive information from process memory. Artifex jbig2dec 0.13 permite escrituras y lecturas fuera de límites debido a un desbordamiento de entero en la función jbig2_image_compose en jbig2_image.c durante operaciones en un archivo .jb2 manipulado, dando l... • http://www.debian.org/security/2017/dsa-3855 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7975 – Gentoo Linux Security Advisory 201708-10
https://notcve.org/view.php?id=CVE-2017-7975
19 Apr 2017 — Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file, leading to a denial of service (application crash) or possibly execution of arbitrary code. Artifex jbig2dec 0.13, como se utiliza en Ghostscript, permite escrituras fuera de límites debido a un desbordamiento de entero en la función jbig2_build_huffman_table en jbig2_huffman.c durante operaciones en ... • http://www.debian.org/security/2017/dsa-3855 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7885 – Gentoo Linux Security Advisory 201708-10
https://notcve.org/view.php?id=CVE-2017-7885
17 Apr 2017 — Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in the jbig2_decode_symbol_dict function in jbig2_symbol_dict.c in libjbig2dec.a during operation on a crafted .jb2 file. Artifex jbig2dec 0.13 tiene una sobre lectura de búfer basada en memoria dinámica dando lugar a denegación de servicio (caída de aplicación) o divulgación de información sensible desde la memori... • http://www.debian.org/security/2017/dsa-3855 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-9601 – Debian Security Advisory 3817-1
https://notcve.org/view.php?id=CVE-2016-9601
24 Mar 2017 — ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted, jbig2 image could trigger a segmentation fault in ghostscript. ghostscript, en versiones anteriores a la 9.21, es vulnerable a un desbordamiento de búfer basado en memoria dinámica (heap) descubierto en la función de ghostscript jbig... • http://git.ghostscript.com/?p=jbig2dec.git%3Ba=commit%3Bh=e698d5c11d27212aa1098bc5b1673a3378563092 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •