Bugzilla – Bug 1216729
VUL-0: CVE-2023-46361: jbig2dec: SEGV vulnerability via jbig2_error at /jbig2dec/jbig2.c.
Last modified: 2025-01-27 11:25:35 UTC
Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulnerability via jbig2_error at /jbig2dec/jbig2.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46361
BEFORE

TW/jbig2dec
:/216729 # jbig2dec -d -e --hash Poc1jbig2dec
Sorry, segment dump not yet implemented
Segmentation fault (core dumped)
:/216729 #
[reproduced]

15/jbig2dec
:/216729 # jbig2dec -d -e --hash Poc1jbig2dec
jbig2dec: invalid option -- 'e'
Usage: jbig2dec [options] <file.jbig2>
   or  jbig2dec [options] <global_stream> <page_stream>

  When invoked with a single file, it attempts to parse it as
  a normal jbig2 file. Invoked with two files, it treats the
  first as the global segments, and the second as the segment
  stream for a particular page. This is useful for examining
  embedded streams.

  available options:
    -h --help       this usage summary
    -q --quiet      suppress diagnostic output
    -v --verbose    set the verbosity level
    -d --dump       print the structure of the jbig2 file
                    rather than explicitly decoding
       --version    program name and version information
       --hash       print a hash of the decoded document
    -o <file>       send decoded output to <file>
                    Defaults to the the input with a different
                    extension. Pass '-' for stdout.
    -t <type>       force a particular output file format
                    supported options are 'png' and 'pbm'
:/216729 #
[does not have -e]

PATCH

https://bugs.ghostscript.com/show_bug.cgi?id=705041
https://git.ghostscript.com/?p=ghostpdl.git;h=44ca5b9d023e1de33fcb8984c85bb29619c4db7e
15/jbig2dec: code is not there, considering unaffected

AFTER

TW/jbig2dec
:/216729 # jbig2dec -d -e --hash Poc1jbig2dec
Sorry, segment dump not yet implemented
:/216729 #
Submitted into devel project:
https://build.opensuse.org/request/show/1126783

I believe all fixed.
This is an autogenerated message for OBS integration:
This bug (1216729) was mentioned in
https://build.opensuse.org/request/show/1127514 Factory / jbig2dec