Advisories » MGASA-2018-0039

Updated jbig2dec packages fix security vulnerability

Publication date: 03 Jan 2018
Modification date: 03 Jan 2018
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-9216

Description

libjbig2dec.a in Artifex jbig2dec 0.13 has a NULL pointer dereference in
the jbig2_huffman_get function in jbig2_huffman.c. For example, the
jbig2dec utility will crash (segmentation fault) when parsing an invalid
file (CVE-2017-9216).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22065
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5WXLQV64VNFUPCU35REYCOVZFDFAQDLH/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9216

SRPMS

6/core

• jbig2dec-0.14-1.mga6

5/core

• jbig2dec-0.14-1.mga5