Bug 1443897 (CVE-2017-7976) - CVE-2017-7976 jbig2dec: Integer overflow in the jbig2_image_compose function
Summary: CVE-2017-7976 jbig2dec: Integer overflow in the jbig2_image_compose function
Status: CLOSED NOTABUG
Alias: CVE-2017-7976
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
Depends On: 1443898 1443899 1443933 1443934
Blocks: 1443943
Reported: 2017-04-20 08:30 UTC by Andrej Nemec
Modified: 2019-09-29 14:10 UTC

Last Closed: 2017-07-20 14:08:59 UTC


Description Andrej Nemec 2017-04-20 08:30:15 UTC
Artifex jbig2dec allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose function in jbig2_image.c during operations on a crafted .jb2 file, leading to a denial of service (application crash).

Upstream bug:

https://bugs.ghostscript.com/show_bug.cgi?id=697683

Comment 1 Andrej Nemec 2017-04-20 08:30:48 UTC
Created jbig2dec tracking bugs for this issue:

Affects: epel-all [bug 1443899]
Affects: fedora-all [bug 1443898]

Comment 2 Adam Mariš 2017-04-20 09:48:00 UTC
Created ghostscript tracking bugs for this issue:

Affects: fedora-all [bug 1443934]


Created mupdf tracking bugs for this issue:

Affects: fedora-all [bug 1443933]

Comment 3 Adam Mariš 2017-04-20 10:02:10 UTC
Acknowledgments:

Name: Dai Ge (Chinese Academy of Sciences)

Comment 4 Cedric Buissart 🐶 2017-07-20 14:04:31 UTC
CVE-2017-7976 is a regression caused by the upstream commit cecf6b (fixing CVE-2016-9601), in which signed ints were changed to unsigned ints.

As such, RHEL 5, 6 & 7 are not affected.
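
The bug class named in comment 4, as an added example that is not part of the bug report and is not jbig2dec source: a generic clipping step showing how folding a signed placement offset into unsigned arithmetic defeats a bounds check, next to a checked form. All function names, the row width and the offsets are hypothetical, constructed values.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: is the span [start, start+w) inside a row of dw pixels? */
static int span_in_bounds(uint32_t dw, uint32_t start, uint32_t w)
{
    return start <= dw && w <= dw - start;
}

/* Unsigned-only clip: the signed offset x is folded into 32-bit unsigned math. */
static uint32_t clip_unsigned(uint32_t dw, uint32_t sw, int x, uint32_t *start)
{
    uint32_t ux = (uint32_t)x;   /* x = -1 becomes 0xFFFFFFFF */
    uint32_t w = sw;
    if (ux + w > dw)             /* sum wraps modulo 2^32, so the check can pass */
        w = dw - ux;             /* and this wraps when ux > dw */
    *start = ux;
    return w;
}

/* Checked clip: intersect in 64-bit signed math, then narrow. Returns 0 if empty. */
static int clip_checked(uint32_t dw, uint32_t sw, int x, uint32_t *start, uint32_t *w)
{
    int64_t lo = x;
    int64_t hi = (int64_t)x + (int64_t)sw;   /* cannot overflow 64 bits */
    if (lo < 0) lo = 0;
    if (hi > (int64_t)dw) hi = (int64_t)dw;
    *start = 0;
    *w = 0;
    if (hi <= lo) return 0;                  /* nothing lands inside the row */
    *start = (uint32_t)lo;
    *w = (uint32_t)(hi - lo);
    return 1;
}

int main(void)
{
    const int offsets[] = { -1, 12, 20 };    /* constructed sample offsets */
    for (size_t i = 0; i < sizeof offsets / sizeof offsets[0]; i++) {
        uint32_t s1, s2, w2, w1 = clip_unsigned(16, 8, offsets[i], &s1);
        int ok = clip_checked(16, 8, offsets[i], &s2, &w2);
        printf("x=%d unsigned: start=%u w=%u in_bounds=%d | checked: start=%u w=%u draw=%d\n",
               offsets[i], s1, w1, span_in_bounds(16, s1, w1), s2, w2, ok);
    }
    return 0;
}
```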
