Security Information / 2017 / Security Information -- DSA-3855-1 jbig2dec

Debian Security Advisory

DSA-3855-1 jbig2dec -- security update

Date Reported:

18 May 2017

Affected Packages:

jbig2dec

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 860460, Bug 860787, Bug 860788.
In Mitre's CVE dictionary: CVE-2017-7885, CVE-2017-7975, CVE-2017-7976.

More information:

Multiple security issues have been found in the JBIG2 decoder library, which may lead to denial of service, disclosure of sensitive information from process memory or the execution of arbitrary code if a malformed image file (usually embedded in a PDF document) is opened.

For the stable distribution (jessie), these problems have been fixed in version 0.13-4~deb8u2.

For the unstable distribution (sid), these problems have been fixed in version 0.13-4.1.

We recommend that you upgrade your jbig2dec packages.