CVE-2020-12268

Name
CVE-2020-12268
Description
jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow.
NVD Severity
high
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Third Party Advisory https://github.com/ArtifexSoftware/jbig2dec/compare/0.17...0.18
Patch https://github.com/ArtifexSoftware/jbig2dec/commit/0726320a4b55078e9d8deb590e477d598b3da66e
Exploit https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20332
SUSE http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00034.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:artifex:jbig2dec:*:*:*:*:*:*:*:* jbig2dec >= None < 0.18

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
jbig2dec 3.12-main 0.18-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
jbig2dec 3.10-main 0.16-r1 Natanael Copa <ncopa@alpinelinux.org> fixed
jbig2dec 3.11-main 0.17-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable