CVE-2013-6369

Stack-based buffer overflow in the jbg_dec_in function in libjbig/jbig.c in JBIG-KIT before 2.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted image file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
Affected Products (NVD)
VendorProductVersion
cambridge_enterprisejbig-kit
𝑥
≤ 2.0
cambridge_enterprisejbig-kit
0.5
cambridge_enterprisejbig-kit
0.6
cambridge_enterprisejbig-kit
0.7
cambridge_enterprisejbig-kit
0.8
cambridge_enterprisejbig-kit
0.9
cambridge_enterprisejbig-kit
1.0
cambridge_enterprisejbig-kit
1.1
cambridge_enterprisejbig-kit
1.2
cambridge_enterprisejbig-kit
1.3
cambridge_enterprisejbig-kit
1.4
cambridge_enterprisejbig-kit
1.5
cambridge_enterprisejbig-kit
1.6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
jbigkit
bookworm
2.1-6.1
fixed
bullseye
2.1-3.1
fixed
sid
2.1-6.1
fixed
trixie
2.1-6.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jbigkit
lucid
dne
precise
dne
quantal
Fixed 2.0-2ubuntu1.12.10.1
released
saucy
Fixed 2.0-2ubuntu1.13.10.1
released
trusty
Fixed 2.0-2ubuntu4.1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libjbig-devel
suse enterprise desktop 15
2.1-1.31
fixed
suse enterprise desktop 15 SP1
2.1-1.31
fixed
suse enterprise desktop 15 SP2
2.1-1.31
fixed
suse enterprise desktop 15 SP3
2.1-1.31
fixed
suse enterprise desktop 15 SP4
2.1-3.2.1
fixed
suse enterprise desktop 15 SP5
2.1-3.2.1
fixed
suse enterprise desktop 15 SP6
2.1-150000.3.5.1
fixed
suse enterprise desktop 15 SP7
2.1-150000.3.5.1
fixed
suse enterprise sap 15
2.1-1.31
fixed
suse enterprise sap 15 SP1
2.1-1.31
fixed
suse enterprise sap 15 SP2
2.1-1.31
fixed
suse enterprise sap 15 SP3
2.1-1.31
fixed
suse enterprise sap 15 SP4
2.1-3.2.1
fixed
suse enterprise sap 15 SP5
2.1-3.2.1
fixed
suse enterprise sap 15 SP6
2.1-150000.3.5.1
fixed
suse enterprise sap 15 SP7
2.1-150000.3.5.1
fixed
suse enterprise server 15
2.1-1.31
fixed
suse enterprise server 15 SP1
2.1-1.31
fixed
suse enterprise server 15 SP2
2.1-1.31
fixed
suse enterprise server 15 SP3
2.1-1.31
fixed
suse enterprise server 15 SP4
2.1-3.2.1
fixed
suse enterprise server 15 SP5
2.1-3.2.1
fixed
suse enterprise server 15 SP6
2.1-150000.3.5.1
fixed
suse enterprise server 15 SP7
2.1-150000.3.5.1
fixed
libjbig2
suse enterprise desktop 15
2.1-1.31
fixed
suse enterprise desktop 15 SP1
2.1-1.31
fixed
suse enterprise desktop 15 SP2
2.1-1.31
fixed
suse enterprise desktop 15 SP3
2.1-1.31
fixed
suse enterprise desktop 15 SP4
2.1-3.2.1
fixed
suse enterprise desktop 15 SP5
2.1-3.2.1
fixed
suse enterprise desktop 15 SP6
2.1-150000.3.5.1
fixed
suse enterprise desktop 15 SP7
2.1-150000.3.5.1
fixed
suse enterprise sap 12 SP5
2.0-12.13
fixed
suse enterprise sap 15
2.1-1.31
fixed
suse enterprise sap 15 SP1
2.1-1.31
fixed
suse enterprise sap 15 SP2
2.1-1.31
fixed
suse enterprise sap 15 SP3
2.1-1.31
fixed
suse enterprise sap 15 SP4
2.1-3.2.1
fixed
suse enterprise sap 15 SP5
2.1-3.2.1
fixed
suse enterprise sap 15 SP6
2.1-150000.3.5.1
fixed
suse enterprise sap 15 SP7
2.1-150000.3.5.1
fixed
suse enterprise server 12
2.0-12.6
fixed
suse enterprise server 12 SP1
2.0-12.13
fixed
suse enterprise server 12 SP2
2.0-12.6
fixed
suse enterprise server 12 SP3
2.0-12.6
fixed
suse enterprise server 12 SP4
2.0-12.6
fixed
suse enterprise server 12 SP5
2.0-12.6
fixed
suse enterprise server 15
2.1-1.31
fixed
suse enterprise server 15 SP1
2.1-1.31
fixed
suse enterprise server 15 SP2
2.1-1.31
fixed
suse enterprise server 15 SP3
2.1-1.31
fixed
suse enterprise server 15 SP4
2.1-3.2.1
fixed
suse enterprise server 15 SP5
2.1-3.2.1
fixed
suse enterprise server 15 SP6
2.1-150000.3.5.1
fixed
suse enterprise server 15 SP7
2.1-150000.3.5.1
fixed
libjbig2-32bit
suse enterprise desktop 15 SP4
2.1-3.2.1
fixed
suse enterprise desktop 15 SP5
2.1-3.2.1
fixed
suse enterprise desktop 15 SP6
2.1-150000.3.5.1
fixed
suse enterprise desktop 15 SP7
2.1-150000.3.5.1
fixed
suse enterprise sap 12 SP5
2.0-12.13
fixed
suse enterprise sap 15 SP4
2.1-3.2.1
fixed
suse enterprise sap 15 SP5
2.1-3.2.1
fixed
suse enterprise sap 15 SP6
2.1-150000.3.5.1
fixed
suse enterprise sap 15 SP7
2.1-150000.3.5.1
fixed
suse enterprise server 12
2.0-12.13
fixed
suse enterprise server 12 SP1
2.0-12.13
fixed
suse enterprise server 12 SP2
2.0-12.13
fixed
suse enterprise server 12 SP3
2.0-12.13
fixed
suse enterprise server 12 SP4
2.0-12.13
fixed
suse enterprise server 12 SP5
2.0-12.13
fixed
suse enterprise server 15 SP4
2.1-3.2.1
fixed
suse enterprise server 15 SP5
2.1-3.2.1
fixed
suse enterprise server 15 SP6
2.1-150000.3.5.1
fixed
suse enterprise server 15 SP7
2.1-150000.3.5.1
fixed
Common Weakness Enumeration
References
http://secunia.com/advisories/57731
http://www.securityfocus.com/bid/66697
https://bugzilla.redhat.com/show_bug.cgi?id=1032273
https://www.cl.cam.ac.uk/~mgk25/jbigkit/CHANGES
http://secunia.com/advisories/57731
http://www.securityfocus.com/bid/66697
https://bugzilla.redhat.com/show_bug.cgi?id=1032273
https://www.cl.cam.ac.uk/~mgk25/jbigkit/CHANGES