CVE-2013-6369

Stack-based buffer overflow in the jbg_dec_in function in libjbig/jbig.c in JBIG-KIT before 2.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted image file.
Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | NIST | 6.8 UNKNOWN | NETWORK | MEDIUM | | AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat | CNA | --- | ---
CVE | ADP | --- | ---
EPSS Score
Percentile: 84%
Vendor | Product | Version
cambridge_enterprise | jbig-kit | 𝑥 ≤ 2.0
cambridge_enterprise | jbig-kit | 0.5
cambridge_enterprise | jbig-kit | 0.6
cambridge_enterprise | jbig-kit | 0.7
cambridge_enterprise | jbig-kit | 0.8
cambridge_enterprise | jbig-kit | 0.9
cambridge_enterprise | jbig-kit | 1.0
cambridge_enterprise | jbig-kit | 1.1
cambridge_enterprise | jbig-kit | 1.2
cambridge_enterprise | jbig-kit | 1.3
cambridge_enterprise | jbig-kit | 1.4
cambridge_enterprise | jbig-kit | 1.5
cambridge_enterprise | jbig-kit | 1.6
𝑥 = Vulnerable software versions
Debian Releases
Debian Product | Codename
jbigkit | bullseye | 2.1-3.1 | fixed
jbigkit | sid | 2.1-6.1 | fixed
jbigkit | trixie | 2.1-6.1 | fixed
jbigkit | bookworm | 2.1-6.1 | fixed
Ubuntu Releases
Ubuntu Product | Codename
jbigkit | trusty | Fixed 2.0-2ubuntu4.1 | released
jbigkit | saucy | Fixed 2.0-2ubuntu1.13.10.1 | released
jbigkit | quantal | Fixed 2.0-2ubuntu1.12.10.1 | released
jbigkit | precise | dne
jbigkit | lucid | dne