Integer overflow in Artifex jbig2dec - CVE-2017-7975
Published: May 24, 2017 / Updated: August 30, 2017
Vulnerability identifier: #VU6703
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-7975
CWE-ID: CWE-190
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Artifex Software, Inc.
Affected software:
Artifex jbig2dec
Artifex jbig2dec
Detailed vulnerability description
The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code.
The weakness exists due to integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file. A remote attacker can send a specially crafted .jb2 file, trigger out-of-bounds writes and cause the application to crash or execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists due to integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file. A remote attacker can send a specially crafted .jb2 file, trigger out-of-bounds writes and cause the application to crash or execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
How to mitigate CVE-2017-7975
Install update from vendor's website.