Artifex Software jbig2dec 缓冲区错误漏洞
| CNNVD-ID编号 | CNNVD-202004-2157 | CVE编号 | CVE-2020-12268 |
| 发布时间 | 2020-04-26 | 更新时间 | 2020-09-07 |
| 漏洞类型 | 缓冲区错误 | 漏洞来源 | N/A |
| 危险等级 | 超危 | 威胁类型 | 远程 |
| 厂商 | N/A | ||
漏洞介绍
Artifex Software jbig2dec是美国Artifex Software公司的一款JBIG2图像压缩格式的解??码器实现。
Artifex Software jbig2dec 0.18之前版本中的jbig2_image.c文件的‘jbig2_image_compose’函数存在缓冲区错误漏洞。攻击者可利用该漏洞执行任意代码或造成拒绝服务。
漏洞补丁
目前厂商已发布升级了Artifex Software jbig2dec 缓冲区错误漏洞的补丁,Artifex Software jbig2dec 缓冲区错误漏洞的补丁获取链接:
https://github.com/ArtifexSoftware/jbig2dec/commit/0726320a4b55078e9d8deb590e477d598b3da66e
参考网址
来源:MISC
链接:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20332
来源:MISC
链接:https://github.com/ArtifexSoftware/jbig2dec/compare/0.17...0.18
来源:SUSE
链接:http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00034.html
来源:MISC
链接:https://github.com/ArtifexSoftware/jbig2dec/commit/0726320a4b55078e9d8deb590e477d598b3da66e
来源:nvd.nist.gov
链接:https://nvd.nist.gov/vuln/detail/CVE-2020-12268
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/158493/Red-Hat-Security-Advisory-2020-3043-01.html
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/158401/Red-Hat-Security-Advisory-2020-2897-01.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.1739/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/158445/Red-Hat-Security-Advisory-2020-2971-01.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.2495/
来源:www.nsfocus.net
链接:http://www.nsfocus.net/vulndb/48484
来源:vigilance.fr
链接:https://vigilance.fr/vulnerability/ghostscript-buffer-overflow-via-jbig2-image-compose-32210
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.1739.2/
受影响实体
暂无
信息来源
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-202004-2157
评论