Debian Security Advisory
DSA-3855-1 jbig2dec -- security update
- Date Reported:
- 18 May 2017
- Affected Packages:
- jbig2dec
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 860460, Bug 860787, Bug 860788.
In Mitre's CVE dictionary: CVE-2017-7885, CVE-2017-7975, CVE-2017-7976. - More information:
-
Multiple security issues have been found in the JBIG2 decoder library, which may lead to denial of service, disclosure of sensitive information from process memory or the execution of arbitrary code if a malformed image file (usually embedded in a PDF document) is opened.
For the stable distribution (jessie), these problems have been fixed in version 0.13-4~deb8u2.
For the unstable distribution (sid), these problems have been fixed in version 0.13-4.1.
We recommend that you upgrade your jbig2dec packages.