RSS   Vulnerabilities for 'Jbig2dec'   RSS

2018-04-23
 
CVE-2016-9601

CWE-119
 

 
ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted, jbig2 image could trigger a segmentation fault in ghostscript.

 
2017-05-24
 
CVE-2017-9216

 

 
libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file.

 
2017-04-19
 
CVE-2017-7976

CWE-190
 

 
Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose function in jbig2_image.c during operations on a crafted .jb2 file, leading to a denial of service (application crash) or disclosure of sensitive information from process memory.

 
 
CVE-2017-7975

CWE-190
 

 
Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file, leading to a denial of service (application crash) or possibly execution of arbitrary code.

 
2017-04-16
 
CVE-2017-7885

CWE-190
 

 
Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in the jbig2_decode_symbol_dict function in jbig2_symbol_dict.c in libjbig2dec.a during operation on a crafted .jb2 file.

 

 >>> Vendor: Artifex 9 Products
Afpl ghostscript
Ghostscript fonts
Gpl ghostscript
Mupdf
MUJS
Ghostscript
Jbig2dec
Ghostscript ghostxps
Gsview


Copyright 2019, cxsecurity.com

 

Back to Top