Jbig2Dec
CVE-2017-9216
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file.
AnalysisAI
libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file. Affected products include: Artifex Jbig2Dec, Debian Debian Linux.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.
jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow. Rated critical se
Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulnerability via jbig2_error at /jbig2dec/jbig2.c. Rat
Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_b
Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose fu
Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure o
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Null Pointer Dereference
View allShare
External POC / Exploit Code
Leaving vuln.today