CVE-2017-9216

Source
Severity Medium
Remote Yes
Type Denial of service
Description
libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file.
Group Package Affected Fixed Severity Status Ticket
AVG-517 jbig2dec 0.13-1 0.14-1 Medium Fixed FS#56405
Date Advisory Group Package Severity Description
22 Nov 2017 ASA-201711-28 AVG-517 jbig2dec Medium denial of service
References
https://bugs.ghostscript.com/show_bug.cgi?id=697934
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=3ebffb1d96ba0cacec23016eccb4047dab365853