Alerts This Week
Warning Icon 1 681
Alerts This Week
Warning Icon 1 681

Arch Linux: 201711-28 Medium: jbig2dec Denial Of Service

Calendar Nov 22, 2017 User Avatar LinuxSecurity Advisories
1 min read
Archlinux Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service software update medium severity advisory Arch Linux jbig2dec
The package jbig2dec before version 0.14-1 is vulnerable to denial of service. 
Arch Linux Security Advisory ASA-201711-28
=========================================
Severity: Medium
Date    : 2017-11-22
CVE-ID  : CVE-2017-9216
Package : jbig2dec
Type    : denial of service
Remote  : Yes
Link    : https://security.archlinux.org/AVG-517

Summary
======
The package jbig2dec before version 0.14-1 is vulnerable to denial of
service.

Resolution
=========
Upgrade to 0.14-1.

# pacman -Syu "jbig2dec>=0.14-1"

The problem has been fixed upstream in version 0.14.

Workaround
=========
None.

Description
==========
libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and
Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get
function in jbig2_huffman.c. For example, the jbig2dec utility will
crash (segmentation fault) when parsing an invalid file.

Impact
=====
A remote attacker is able to crash the application by providing an
invalid file.

References
=========
https://bugs.archlinux.org/task/56405
https://bugs.ghostscript.com/show_bug.cgi?id=697934

https://security.archlinux.org/CVE-2017-9216

Related News

Your message here