Vulnerability Details CVE-2020-12268
jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00034.html
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20332
- https://github.com/ArtifexSoftware/jbig2dec/commit/0726320a4b55078e9d8deb590e477d598b3da66e
- https://github.com/ArtifexSoftware/jbig2dec/compare/0.17...0.18
- https://lists.debian.org/debian-lts-announce/2021/10/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00034.html
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20332
- https://github.com/ArtifexSoftware/jbig2dec/commit/0726320a4b55078e9d8deb590e477d598b3da66e
- https://github.com/ArtifexSoftware/jbig2dec/compare/0.17...0.18
- https://lists.debian.org/debian-lts-announce/2021/10/msg00023.html
Products affected by CVE-2020-12268
-
cpe:2.3:a:artifex:jbig2dec:0.1
-
cpe:2.3:a:artifex:jbig2dec:0.10
-
cpe:2.3:a:artifex:jbig2dec:0.11
-
cpe:2.3:a:artifex:jbig2dec:0.12
-
cpe:2.3:a:artifex:jbig2dec:0.13
-
cpe:2.3:a:artifex:jbig2dec:0.14
-
cpe:2.3:a:artifex:jbig2dec:0.15
-
cpe:2.3:a:artifex:jbig2dec:0.16
-
cpe:2.3:a:artifex:jbig2dec:0.17
-
cpe:2.3:a:artifex:jbig2dec:0.2
-
cpe:2.3:a:artifex:jbig2dec:0.3
-
cpe:2.3:a:artifex:jbig2dec:0.4
-
cpe:2.3:a:artifex:jbig2dec:0.5
-
cpe:2.3:a:artifex:jbig2dec:0.6
-
cpe:2.3:a:artifex:jbig2dec:0.7
-
cpe:2.3:a:artifex:jbig2dec:0.8
-
cpe:2.3:a:artifex:jbig2dec:0.9
-
cpe:2.3:o:debian:debian_linux:9.0
-
cpe:2.3:o:opensuse:leap:15.1