{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-04-16T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in the jbig2_decode_symbol_dict function in jbig2_symbol_dict.c in libjbig2dec.a during operation on a crafted .jb2 file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-03T18:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "DSA-3855", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3855"}, {"name": "GLSA-201708-10", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201708-10"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.ghostscript.com/show_bug.cgi?id=697703"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-7885", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in the jbig2_decode_symbol_dict function in jbig2_symbol_dict.c in libjbig2dec.a during operation on a crafted .jb2 file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-3855", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3855"}, {"name": "GLSA-201708-10", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201708-10"}, {"name": "https://bugs.ghostscript.com/show_bug.cgi?id=697703", "refsource": "MISC", "url": "https://bugs.ghostscript.com/show_bug.cgi?id=697703"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:19:29.334Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-3855", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2017/dsa-3855"}, {"name": "GLSA-201708-10", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201708-10"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.ghostscript.com/show_bug.cgi?id=697703"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-7885", "datePublished": "2017-04-17T00:00:00.000Z", "dateReserved": "2017-04-16T00:00:00.000Z", "dateUpdated": "2024-08-05T16:19:29.334Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:artifex:jbig2dec:0.13:*:*:*:*:*:*:*", "matchCriteriaId": "8C234C01-080C-41D8-BC58-E814C7F260F5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in the jbig2_decode_symbol_dict function in jbig2_symbol_dict.c in libjbig2dec.a during operation on a crafted .jb2 file."}, {"lang": "es", "value": "Artifex jbig2dec 0.13 tiene una sobre lectura de b\u00fafer basada en memoria din\u00e1mica dando lugar a denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o divulgaci\u00f3n de informaci\u00f3n sensible desde la memoria de proceso, debido a un desbordamiento de entero en la funci\u00f3n jbig2_decode_symbol_dict en jbig2_symbol_dict.c en libjbig2dec.a durante una operaci\u00f3n en un archivo .jb2 manipulado."}], "id": "CVE-2017-7885", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-17T00:59:00.157", "references": [{"source": "cve@mitre.org", "url": "http://www.debian.org/security/2017/dsa-3855"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://bugs.ghostscript.com/show_bug.cgi?id=697703"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201708-10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2017/dsa-3855"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugs.ghostscript.com/show_bug.cgi?id=697703"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201708-10"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Dai Ge (Chinese Academy of Sciences) for reporting this issue.", "bugzilla": {"description": "jbig2dec: Integer overflow in jbig2_decode_symbol_dict", "id": "1444104", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1444104"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "status": "draft"}, "cwe": "CWE-190", "details": ["Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in the jbig2_decode_symbol_dict function in jbig2_symbol_dict.c in libjbig2dec.a during operation on a crafted .jb2 file."], "name": "CVE-2017-7885", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "ghostscript", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "ghostscript", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "ghostscript", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Under investigation", "package_name": "ghostscript", "product_name": "Red Hat OpenShift Enterprise 2"}], "public_date": "2017-03-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-7885\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7885"], "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification.", "threat_severity": "Low"}

{}