Bug#860787: jbig2dec: CVE-2017-7976: Integer overflow in function jbig2_image_compose

To: 860787@bugs.debian.org
Cc: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#860787: jbig2dec: CVE-2017-7976: Integer overflow in function jbig2_image_compose
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 10 May 2017 20:52:04 +0200
Message-id: <[🔎] 20170510185204.wlgogalbt7vqaemu@eldamar.local>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 860787@bugs.debian.org
In-reply-to: <149266872165.22954.16268224978358960348.reportbug@lorien.valinor.li>
References: <149266872165.22954.16268224978358960348.reportbug@lorien.valinor.li>

Control: tags -1 + fixed-upstream

On Thu, Apr 20, 2017 at 08:12:01AM +0200, Salvatore Bonaccorso wrote:
> Source: jbig2dec
> Version: 0.13-4
> Severity: important
> Tags: security upstream
> Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697683
> Control: found -1 0.13-4~deb8u1
> 
> Hi,
> 
> the following vulnerability was published for jbig2dec.
> 
> CVE-2017-7976[0]:
> | Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of
> | an integer overflow in the jbig2_image_compose function in
> | jbig2_image.c during operations on a crafted .jb2 file, leading to a
> | denial of service (application crash) or disclosure of sensitive
> | information from process memory.

Fixed in
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ed6c5133a1004ce8d

Regards,
Salvatore

Reply to:

Prev by Date: Bug#860788: jbig2dec: CVE-2017-7975: Out-of-bound memory write vulnerability due to integer overflow in function jbig2_build_huffman_table
Next by Date: Processed: Re: Bug#860787: jbig2dec: CVE-2017-7976: Integer overflow in function jbig2_image_compose
Previous by thread: Processed: Re: Bug#860788: jbig2dec: CVE-2017-7975: Out-of-bound memory write vulnerability due to integer overflow in function jbig2_build_huffman_table
Next by thread: Processed: Re: Bug#860787: jbig2dec: CVE-2017-7976: Integer overflow in function jbig2_image_compose
Index(es):
- Date
- Thread