MGASA-2014-0174

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2014-0174.html

Import Source

https://advisories.mageia.org/MGASA-2014-0174.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2014-0174

Related

CVE-2013-6369

Published

2014-04-15T18:28:17Z

Modified

2014-04-15T18:28:08Z

Summary

Updated jbigkit packages fix CVE-2013-6369

Details

Updated jbigkit packages fix security vulnerability:

Florian Weimer found a stack-based buffer overflow flaw in the libjbig library (part of jbigkit). A specially-crafted image file read by libjbig could be used to cause a program linked to libjbig to crash or, potentially, to execute arbitrary code (CVE-2013-6369).

The jbigkit package has been updated to version 2.1, which fixes this issue, as well as a few other bugs, including the ability of corrupted input data to force the jbig85 decoder into an end-less loop.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:3 / jbigkit

Package

Name: jbigkit
Purl: pkg:rpm/mageia/jbigkit?arch=source&distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1-1.mga3

Ecosystem specific

{
    "section": "core"
}

Mageia:4 / jbigkit

Package

Name: jbigkit
Purl: pkg:rpm/mageia/jbigkit?arch=source&distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1-1.mga4

Ecosystem specific

{
    "section": "core"
}