Mandriva Linux Security Advisory 2015-101 - Florian Weimer found a stack-based buffer overflow flaw in the libjbig library (part of jbigkit). A specially-crafted image file read by libjbig could be used to cause a program linked to libjbig to crash or, potentially, to execute arbitrary code. The jbigkit package has been updated to version 2.1, which fixes this issue, as well as a few other bugs, including the ability of corrupted input data to force the jbig85 decoder into an end-less loop.
0eef4cdfaf4e18da84306809e2310c9f65932487688f820380f590e6d610fa60
Gentoo Linux Security Advisory 201405-20 - A stack-based buffer overflow in JBIG-KIT might allow remote attackers to cause a Denial of Service. Versions less than 2.1 are affected.
b72402b9c4b4b8334ba339b80c5b8e3bde5e2e8f0917ed325dea455f8257a78a
Ubuntu Security Notice 2190-1 - Florian Weimer discovered that JBIG-KIT incorrectly handled certain malformed images. If a user or automated system were tricked into processing a specially crafted image, JBIG-KIT could be made to crash, or possibly execute arbitrary code.
ea57729f0035f416a9187f98546a27dd406beb7cbf1449e2d0ff976d91a3d7b1
Mandriva Linux Security Advisory 2014-077 - Stack-based buffer overflow in the jbg_dec_in function in libjbig/jbig.c in JBIG-KIT before 2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted image file. The updated packages for mbs1 have been upgraded to the 2.1 version and the packages for mes5 has been patched to resolve this security flaw.
b19982fd8981510714ae922d5c7e838c4c23421781ac09bfdf0549354f6a88e6
Debian Linux Security Advisory 2900-1 - Florian Weimer of the Red Hat product security team discovered multiple buffer overflows in jbigkit, which could lead to the execution of arbitrary code when processing malformed images.
a62089eb0007a6409a8672fbd0149f4e0ed8f076992e3c6803504467be05377b