vulnerability
Oracle Linux: CVE-2020-12268: ELSA-2020-2897: jbig2dec security update (IMPORTANT)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Jan 27, 2020 | Jul 22, 2020 | Dec 3, 2025 |
Severity
7
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Jan 27, 2020
Added
Jul 22, 2020
Modified
Dec 3, 2025
Description
jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow.
An integer overflow was found in jbig2dec, which causes an out-of-bounds read/write in the jbig2_image_compose function. This flaw could potentially result in the execution of code on the system. Applications that use jbig2dec with untrusted input may be vulnerable to this flaw. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
An integer overflow was found in jbig2dec, which causes an out-of-bounds read/write in the jbig2_image_compose function. This flaw could potentially result in the execution of code on the system. Applications that use jbig2dec with untrusted input may be vulnerable to this flaw. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Solution
oracle-linux-upgrade-jbig2dec-libs
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.