GCVE - cpe:2.3:a:artifex:jbig2dec:0.13:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:artifex:jbig2dec:0.13:*:*:*:*:*:*:*

part: a version: 0.13 update: *

Vendor	Artifex (`0075fabc-cec9-5063-a004-04a5c9db1a9b`)
Product	Jbig2Dec (`2df42176-ec97-57e3-8f32-74ecb5c56730`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/jbig2dec`	purl2cpe	2026-06-01 10:14:59.648665
`pkg:deb/ubuntu/jbig2dec`	purl2cpe	2026-06-01 10:14:59.648667
`pkg:github/artifexsoftware/jbig2dec`	purl2cpe	2026-06-01 10:14:59.648668
`pkg:gitlab/redhat/jbig2dec`	purl2cpe	2026-06-01 10:14:59.648669
`pkg:rpm/fedora/jbig2dec`	purl2cpe	2026-06-01 10:14:59.648671
`pkg:rpm/opensuse/jbig2dec`	purl2cpe	2026-06-01 10:14:59.648672
`pkg:sourceforge/jbig2dec`	purl2cpe	2026-06-01 10:14:59.648673

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-7976`	vulnerable	2026-06-03 14:37:38.582498	Details available Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose function in jbig2_image.c during operations on a crafted .jb2 file, leading to a denial of service (application crash) or disclosure of sensitive information from process memory. Published: 2017-04-19T17:00:00.000Z Updated: 2024-08-05T16:19:29.644Z Open on db.gcve.eu Reference links https://bugs.ghostscript.com/show_bug.cgi?id=697683 http://www.debian.org/security/2017/dsa-3855 https://security.gentoo.org/glsa/201708-10	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-7975`	vulnerable	2026-06-03 14:37:38.582186	Details available Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file, leading to a denial of service (application crash) or possibly execution of arbitrary code. Published: 2017-04-19T16:00:00.000Z Updated: 2024-08-05T16:19:29.354Z Open on db.gcve.eu Reference links http://www.debian.org/security/2017/dsa-3855 https://bugs.ghostscript.com/show_bug.cgi?id=697693 https://security.gentoo.org/glsa/201708-10	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-7885`	vulnerable	2026-06-03 14:37:38.216630	Details available Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in the jbig2_decode_symbol_dict function in jbig2_symbol_dict.c in libjbig2dec.a during operation on a crafted .jb2 file. Published: 2017-04-17T00:00:00.000Z Updated: 2024-08-05T16:19:29.334Z Open on db.gcve.eu Reference links http://www.debian.org/security/2017/dsa-3855 https://security.gentoo.org/glsa/201708-10 https://bugs.ghostscript.com/show_bug.cgi?id=697703	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.