CVE-2020-12268

Опубликовано: 27 янв. 2020

Источник: redhat

CVSS3: 9.8

Описание

jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow.

An integer overflow was found in jbig2dec, which causes an out-of-bounds read/write in the jbig2_image_compose function. This flaw could potentially result in the execution of code on the system. Applications that use jbig2dec with untrusted input may be vulnerable to this flaw. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-190->CWE-122

https://bugzilla.redhat.com/show_bug.cgi?id=1848518jbig2dec: heap-based buffer overflow in jbig2_image_compose in jbig2_image.c

9.8 Critical

CVSS3

Связанные уязвимости

CVE-2020-12268

CVSS3: 9.8

ubuntu

почти 6 лет назад

jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow.

CVE-2020-12268

CVSS3: 9.8

nvd

почти 6 лет назад

jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow.

CVE-2020-12268

CVSS3: 9.8

debian

почти 6 лет назад

jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 h ...

openSUSE-SU-2020:0653-1

suse-cvrf

больше 5 лет назад

Security update for ghostscript

SUSE-SU-2020:1220-1

suse-cvrf

около 5 лет назад

Security update for ghostscript

9.8 Critical

CVSS3