Bugzilla – Bug 1034407
VUL-1: CVE-2017-7885: jbig2dec: heap-buffer-overflow by integer overflow to bypass the check in the function jbig2_decode_symbol_dict
Last modified: 2020-06-07 19:06:49 UTC
Created attachment 721432 [details]
PoC_for_CVE-2017-7885_from_upstream_697703

Ref: https://nvd.nist.gov/vuln/detail/CVE-2017-7885
=====================================
Description

Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in the jbig2_decode_symbol_dict function in jbig2_symbol_dict.c in libjbig2dec.a during operation on a crafted .jb2 file.

Source: MITRE
Last Modified: 04/16/2017
=====================================

Hyperlink:
https://bugs.ghostscript.com/show_bug.cgi?id=697703

(open-)SUSE: https://software.opensuse.org/package/jbig2dec
0.13 (TW, official repo)
0.11 (42.{1,2}, official repo)
not in SLE
Been resolved for a while (Leap:15.1 has version 0.14, TW has v 0.18).