CVE-2017-7975 - OpenCVE

Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file, leading to a denial of service (application crash) or possibly execution of arbitrary code.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Artifex	Jbig2dec

Configuration 1 [-]

cpe:2.3:a:artifex:jbig2dec:0.13:*:*:*:*:*:*:*

References

Link	Resource
http://www.debian.org/security/2017/dsa-3855
https://bugs.ghostscript.com/show_bug.cgi?id=697693	Issue Tracking
https://security.gentoo.org/glsa/201708-10

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-04-19T16:00:00

Updated: 2017-11-03T18:57:01

Reserved: 2017-04-19T00:00:00

Link: CVE-2017-7975

JSON object: View

NVD Information

Status : Modified

Published: 2017-04-19T16:59:00.183

Modified: 2017-11-04T01:29:53.570

Link: CVE-2017-7975

JSON object: View

Redhat Information

No data.

CWE

CWE-190

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-04-19T00:00:00", "descriptions": [{"lang": "en", "value": "Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file, leading to a denial of service (application crash) or possibly execution of arbitrary code."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-03T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "DSA-3855", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3855"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.ghostscript.com/show_bug.cgi?id=697693"}, {"name": "GLSA-201708-10", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201708-10"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-7975", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file, leading to a denial of service (application crash) or possibly execution of arbitrary code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-3855", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3855"}, {"name": "https://bugs.ghostscript.com/show_bug.cgi?id=697693", "refsource": "MISC", "url": "https://bugs.ghostscript.com/show_bug.cgi?id=697693"}, {"name": "GLSA-201708-10", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201708-10"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-7975", "datePublished": "2017-04-19T16:00:00", "dateReserved": "2017-04-19T00:00:00", "dateUpdated": "2017-11-03T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:artifex:jbig2dec:0.13:*:*:*:*:*:*:*", "matchCriteriaId": "8C234C01-080C-41D8-BC58-E814C7F260F5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file, leading to a denial of service (application crash) or possibly execution of arbitrary code."}, {"lang": "es", "value": "Artifex jbig2dec 0.13, como se utiliza en Ghostscript, permite escrituras fuera de l\u00edmites debido a un desbordamiento de entero en la funci\u00f3n jbig2_build_huffman_table en jbig2_huffman.c durante operaciones en un archivo JBIG2 manipulado, dando lugar a una denegac\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente ejecuci\u00f3n de c\u00f3digo arbitrario."}], "id": "CVE-2017-7975", "lastModified": "2017-11-04T01:29:53.570", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-19T16:59:00.183", "references": [{"source": "cve@mitre.org", "url": "http://www.debian.org/security/2017/dsa-3855"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://bugs.ghostscript.com/show_bug.cgi?id=697693"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201708-10"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}