漏洞信息详情
Artifex Software jbig2dec 缓冲区错误漏洞
- CNNVD编号:CNNVD-202004-2157 <!--
- 危害等级: 超危-->
- 危害等级: 超危
- CVE编号: CVE-2020-12268
- 漏洞类型: 缓冲区错误
- 发布时间: 2020-04-26
- 威胁类型: 远程
- 更新时间: 2021-11-01
- 厂 商:
- 漏洞来源: Red Hat
-
漏洞简介
Artifex Software jbig2dec是美国Artifex Software公司的一款JBIG2图像压缩格式的解码器实现。
Artifex Software jbig2dec 0.18之前版本中的jbig2_image.c文件的‘jbig2_image_compose’函数存在缓冲区错误漏洞。攻击者可利用该漏洞执行任意代码或造成拒绝服务。
漏洞公告
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
https://github.com/ArtifexSoftware/jbig2dec/commit/0726320a4b55078e9d8deb590e477d598b3da66e
参考网址
来源:MISC
链接:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20332
来源:MISC
链接:https://github.com/ArtifexSoftware/jbig2dec/compare/0.17...0.18
来源:SUSE
链接:http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00034.html
来源:MISC
链接:https://github.com/ArtifexSoftware/jbig2dec/commit/0726320a4b55078e9d8deb590e477d598b3da66e
来源:MLIST
链接:https://lists.debian.org/debian-lts-announce/2021/10/msg00023.html
来源:nvd.nist.gov
链接:https://nvd.nist.gov/vuln/detail/CVE-2020-12268
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/158493/Red-Hat-Security-Advisory-2020-3043-01.html
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/158401/Red-Hat-Security-Advisory-2020-2897-01.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.1739/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/158445/Red-Hat-Security-Advisory-2020-2971-01.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.2495/
来源:www.nsfocus.net
链接:http://www.nsfocus.net/vulndb/48484
来源:vigilance.fr
链接:https://vigilance.fr/vulnerability/ghostscript-buffer-overflow-via-jbig2-image-compose-32210
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.3617
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.1739.2/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.2376/
受影响实体
暂无
补丁
- Artifex Software jbig2dec 缓冲区错误漏洞的修复措施<!--2020-4-26-->
还没有评论,来说两句吧...