Upstream information

CVE-2013-6369 at MITRE

Description

Stack-based buffer overflow in the jbg_dec_in function in libjbig/jbig.c in JBIG-KIT before 2.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted image file.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores (National Vulnerability Database)

Base Score: 6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial

SUSE Bugzilla entry: 870855 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • libjbig2 >= 2.0-12.13
  • libjbig2-32bit >= 2.0-12.13
Patchnames:
SUSE Linux Enterprise Desktop 12 GA libjbig2
SUSE Linux Enterprise Desktop 12 SP1
  • libjbig2 >= 2.0-12.13
  • libjbig2-32bit >= 2.0-12.13
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA libjbig2
SUSE Linux Enterprise Desktop 12 SP2
  • libjbig2 >= 2.0-12.13
  • libjbig2-32bit >= 2.0-12.13
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA libjbig2
SUSE Linux Enterprise Desktop 12 SP3
  • libjbig2 >= 2.0-12.13
  • libjbig2-32bit >= 2.0-12.13
Patchnames:
SUSE Linux Enterprise Desktop 12 SP3 GA libjbig2
SUSE Linux Enterprise Module for Basesystem 15
  • libjbig-devel >= 2.1-1.31
  • libjbig2 >= 2.1-1.31
Patchnames:
SUSE Linux Enterprise Module for Basesystem 15 GA libjbig-devel
SUSE Linux Enterprise Module for Desktop Applications 15
  • libjbig2-32bit >= 2.1-1.31
Patchnames:
SUSE Linux Enterprise Module for Desktop Applications 15 GA libjbig2-32bit
SUSE Linux Enterprise Server 12
  • libjbig2 >= 2.0-12.6
  • libjbig2-32bit >= 2.0-12.13
Patchnames:
SUSE Linux Enterprise Server 12 GA libjbig2
SUSE Linux Enterprise Server 12 SP1
  • libjbig2 >= 2.0-12.13
  • libjbig2-32bit >= 2.0-12.13
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA libjbig2
SUSE Linux Enterprise Server 12 SP2
  • libjbig2 >= 2.0-12.6
  • libjbig2-32bit >= 2.0-12.13
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA libjbig2
SUSE Linux Enterprise Server 12 SP3
  • libjbig2 >= 2.0-12.6
  • libjbig2-32bit >= 2.0-12.13
Patchnames:
SUSE Linux Enterprise Server 12 SP3 GA libjbig2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • libjbig2 >= 2.0-12.6
Patchnames:
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA libjbig2
SUSE Linux Enterprise Software Development Kit 12
  • libjbig-devel >= 2.0-12.13
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 GA libjbig-devel
SUSE Linux Enterprise Software Development Kit 12 SP1
  • libjbig-devel >= 2.0-12.13
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA libjbig-devel
SUSE Linux Enterprise Software Development Kit 12 SP2
  • libjbig-devel >= 2.0-12.6
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA libjbig-devel
SUSE Linux Enterprise Software Development Kit 12 SP3
  • libjbig-devel >= 2.0-12.6
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP3 GA libjbig-devel
openSUSE 13.1
  • jbigkit >= 2.0-10.4.1
  • jbigkit-debuginfo >= 2.0-10.4.1
  • jbigkit-debugsource >= 2.0-10.4.1
  • libjbig-devel >= 2.0-10.4.1
  • libjbig-devel-32bit >= 2.0-10.4.1
  • libjbig2 >= 2.0-10.4.1
  • libjbig2-32bit >= 2.0-10.4.1
  • libjbig2-debuginfo >= 2.0-10.4.1
  • libjbig2-debuginfo-32bit >= 2.0-10.4.1
Patchnames:
openSUSE-2014-490
openSUSE Leap 15.0
  • libjbig2 >= 2.1-lp150.1.14
Patchnames:
openSUSE Leap 15.0 GA libjbig2
openSUSE Leap 42.1
  • libjbig2 >= 2.0-3.2
  • libjbig2-32bit >= 2.0-3.2
Patchnames:
openSUSE Leap 42.1 GA libjbig2
openSUSE Leap 42.2
  • libjbig2 >= 2.0-4.4
  • libjbig2-32bit >= 2.0-4.4
Patchnames:
openSUSE Leap 42.2 GA libjbig2
openSUSE Leap 42.3
  • libjbig2 >= 2.0-6.3
  • libjbig2-32bit >= 2.0-6.3
Patchnames:
openSUSE Leap 42.3 GA libjbig2
openSUSE Tumbleweed
  • jbigkit >= 2.1-3.8
  • libjbig-devel >= 2.1-3.8
  • libjbig-devel-32bit >= 2.1-3.8
  • libjbig2 >= 2.1-3.8
  • libjbig2-32bit >= 2.1-3.8
Patchnames:
openSUSE Tumbleweed GA jbigkit