jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow.
Max CVSS
9.8
EPSS Score
0.29%
Published
2020-04-27
Updated
2021-11-02
Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose function in jbig2_image.c during operations on a crafted .jb2 file, leading to a denial of service (application crash) or disclosure of sensitive information from process memory.
Max CVSS
7.1
EPSS Score
0.12%
Published
2017-04-19
Updated
2017-11-04
Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file, leading to a denial of service (application crash) or possibly execution of arbitrary code.
Max CVSS
7.8
EPSS Score
0.17%
Published
2017-04-19
Updated
2017-11-04
Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in the jbig2_decode_symbol_dict function in jbig2_symbol_dict.c in libjbig2dec.a during operation on a crafted .jb2 file.
Max CVSS
7.1
EPSS Score
0.12%
Published
2017-04-17
Updated
2017-11-04
4 vulnerabilities found