Strix
26.1K

CVE-2017-7885

UnknownEPSS 1.18%

Last modified

CVE-2017-7885 is a vulnerability of currently unknown severity. Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in the jbig2_decode_symbol_dict function in jbig2_symbol_dict.c in libjbig2dec.a during operation on a crafted .jb2 file.. EPSS estimates a 1.18% chance of exploitation in the next 30 days.

Description

Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in the jbig2_decode_symbol_dict function in jbig2_symbol_dict.c in libjbig2dec.a during operation on a crafted .jb2 file.

Metrics

EPSS Probability
1.18%

63.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
ArtifexJbig2dec0.13

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2017-7885?
Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in the jbig2_decode_symbol_dict function in jbig2_symbol_dict.c in libjbig2dec.a during operation on a crafted .jb2 file.
How severe is CVE-2017-7885?
Severity scoring for CVE-2017-7885 is pending analysis. The EPSS model estimates a 1.18% probability of exploitation in the next 30 days.
How do I fix CVE-2017-7885?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-7885?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST