UbuntuUpdates.org

Package "jbig2dec"

Name: jbig2dec

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • JBIG2 decoder library - shared libraries
  • JBIG2 decoder library - development files
Latest version: 0.12+20150918-1ubuntu0.1
Release: xenial (16.04)
Level: security
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "jbig2dec" in Xenial

Repository Area Version
base main 0.12+20150918-1
base universe 0.12+20150918-1
security universe 0.12+20150918-1ubuntu0.1
updates main 0.12+20150918-1ubuntu0.1
updates universe 0.12+20150918-1ubuntu0.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 0.12+20150918-1ubuntu0.1 2017-05-24 14:06:47 UTC

  jbig2dec (0.12+20150918-1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: integer overflow in jbig2_image_new
    - debian/patches/CVE-2016-9601-pre.patch: prevent checking too early in
      jbig2.c.
    - debian/patches/CVE-2016-9601-1.patch: fix signed/unsigned warnings in
      jbig2.c, jbig2.h, jbig2_generic.c, jbig2_halftone.c, jbig2_huffman.c,
      jbig2_huffman.h, jbig2_image.c, jbig2_mmr.c, jbig2_page.c,
      jbig2_priv.h, jbig2_segment.c, jbig2_symbol_dict.c,
      jbig2_symbol_dict.h, jbig2_text.c, jbig2_text.h.
    - debian/patches/CVE-2016-9601-2.patch: fix warnings in jbig2_image.c,
      jbig2_mmr.c, jbig2_symbol_dict.c.
    - CVE-2016-9601
  * SECURITY UPDATE: integer overflow in big2_decode_symbol_dict
    - debian/patches/CVE-2017-7885.patch: add extra check to
      jbig2_symbol_dict.c.
    - CVE-2017-7885
  * SECURITY UPDATE: integer overflow in jbig2_build_huffman_table
    - debian/patches/CVE-2017-7975.patch: use uint32_t in jbig2_huffman.c.
    - CVE-2017-7975
  * SECURITY UPDATE: integer overflow in jbig2_image_compose
    - debian/patches/CVE-2017-7976.patch: add bounds check to
      jbig2_image.c.
    - CVE-2017-7976

 -- Marc Deslauriers <email address hidden> Fri, 19 May 2017 08:26:25 -0400
CVE-2016-9601 Heap-buffer overflow due to Integer overflow in jbig2_image_new function
CVE-2017-7885 Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from
CVE-2017-7975 Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function i
CVE-2017-7976 Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose function in jbig2_image.c durin


About   -   Send Feedback to @ubuntu_updates