Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

jbig2dec vulnerabilities

Related Vulnerabilities: CVE-2016-9601   CVE-2017-7885   CVE-2017-7975   CVE-2017-7976  

Several security issues were fixed in jbig2dec.

Bingchang Liu discovered that jbig2dec incorrectly handled memory when decoding malformed image files. If a user or automated system were tricked into processing a specially crafted JBIG2 image file, a remote attacker could cause jbig2dec to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9601)

Source

24 May 2017

jbig2dec vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.04
  • Ubuntu 16.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in jbig2dec.

Software Description

  • jbig2dec - JBIG2 decoder library

Details

Bingchang Liu discovered that jbig2dec incorrectly handled memory when decoding malformed image files. If a user or automated system were tricked into processing a specially crafted JBIG2 image file, a remote attacker could cause jbig2dec to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9601)

It was discovered that jbig2dec incorrectly handled memory when decoding malformed image files. If a user or automated system were tricked into processing a specially crafted JBIG2 image file, a remote attacker could cause jbig2dec to crash, resulting in a denial of service, or possibly disclose sensitive information. (CVE-2017-7885)

Jiaqi Peng discovered that jbig2dec incorrectly handled memory when decoding malformed image files. If a user or automated system were tricked into processing a specially crafted JBIG2 image file, a remote attacker could cause jbig2dec to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-7975)

Dai Ge discovered that jbig2dec incorrectly handled memory when decoding malformed image files. If a user or automated system were tricked into processing a specially crafted JBIG2 image file, a remote attacker could cause jbig2dec to crash, resulting in a denial of service, or possibly disclose sensitive information. (CVE-2017-7976)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 17.04
jbig2dec - 0.13-4ubuntu0.1
libjbig2dec0 - 0.13-4ubuntu0.1
Ubuntu 16.10
jbig2dec - 0.13-2ubuntu0.1
libjbig2dec0 - 0.13-2ubuntu0.1
Ubuntu 16.04 LTS
jbig2dec - 0.12+20150918-1ubuntu0.1
libjbig2dec0 - 0.12+20150918-1ubuntu0.1
Ubuntu 14.04 LTS
jbig2dec - 0.11+20120125-1ubuntu1.1
libjbig2dec0 - 0.11+20120125-1ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started