Artifex jbig2dec allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose function in jbig2_image.c during operations on a crafted .jb2 file, leading to a denial of service (application crash). Upstream bug: https://bugs.ghostscript.com/show_bug.cgi?id=697683
Created jbig2dec tracking bugs for this issue: Affects: epel-all [bug 1443899] Affects: fedora-all [bug 1443898]
Created ghostscript tracking bugs for this issue: Affects: fedora-all [bug 1443934] Created mupdf tracking bugs for this issue: Affects: fedora-all [bug 1443933]
Acknowledgments: Name: Dai Ge (Chinese Academy of Sciences)
CVE-2017-7976 is a regression caused by the upstream commit cecf6b (fixing CVE-2016-9601), in which signed int were changed to unsigned int. As such, RHEL 5,6 & 7 are not affected.