{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-11-09T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the jbg_dec_in function in libjbig/jbig.c in JBIG-KIT before 2.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted image file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-29T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1032273"}, {"name": "57731", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/57731"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.cl.cam.ac.uk/~mgk25/jbigkit/CHANGES"}, {"name": "66697", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/66697"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T17:39:01.102Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1032273"}, {"name": "57731", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/57731"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.cl.cam.ac.uk/~mgk25/jbigkit/CHANGES"}, {"name": "66697", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/66697"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-6369", "datePublished": "2014-04-11T14:00:00", "dateReserved": "2013-11-04T00:00:00", "dateUpdated": "2024-08-06T17:39:01.102Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cambridge_enterprise:jbig-kit:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA43E6CF-EA31-4C93-8316-80C24F515E5D", "versionEndIncluding": "2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cambridge_enterprise:jbig-kit:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "777925B5-F546-4DB0-8EEB-F7B70CDCAD26", "vulnerable": true}, {"criteria": "cpe:2.3:a:cambridge_enterprise:jbig-kit:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BC857FAE-24BB-4F76-B64A-C044EBACCEB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:cambridge_enterprise:jbig-kit:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "91B6AF78-0C28-433A-8F81-8EBCBF3F6FD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cambridge_enterprise:jbig-kit:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "32166006-3001-4A59-BE85-A26FD72B8256", "vulnerable": true}, {"criteria": "cpe:2.3:a:cambridge_enterprise:jbig-kit:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "96FB0E70-F378-4388-B4D6-CAFE86566C11", "vulnerable": true}, {"criteria": "cpe:2.3:a:cambridge_enterprise:jbig-kit:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F878084-BBB2-4168-A9E6-75FABFB4E677", "vulnerable": true}, {"criteria": "cpe:2.3:a:cambridge_enterprise:jbig-kit:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D03F95B9-5731-4B06-A303-A0F5309BB2F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:cambridge_enterprise:jbig-kit:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "23BC9B9E-0BF6-4A77-975F-02A93DEC37F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cambridge_enterprise:jbig-kit:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "ECD7C688-C054-4529-AC11-478C0D8EF99E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cambridge_enterprise:jbig-kit:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "0D63A023-876C-44B7-A059-5067FF2FBAD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cambridge_enterprise:jbig-kit:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "CC8F5C0E-F74C-461C-9499-AB6DCC3B752D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cambridge_enterprise:jbig-kit:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "87A12E46-1ED6-4E88-A3AE-1A1C93D6DF5A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the jbg_dec_in function in libjbig/jbig.c in JBIG-KIT before 2.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted image file."}, {"lang": "es", "value": "Desbordamiento de buffer basado en pila en la funci\u00f3n jbg_dec_in en libjbig/jbig.c en JBIG-KIT anterior a 2.1 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo de imagen manipulado."}], "id": "CVE-2013-6369", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-04-11T14:55:05.633", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/57731"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/66697"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1032273"}, {"source": "secalert@redhat.com", "url": "https://www.cl.cam.ac.uk/~mgk25/jbigkit/CHANGES"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/57731"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/66697"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1032273"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.cl.cam.ac.uk/~mgk25/jbigkit/CHANGES"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Florian Weimer (Red Hat Product Security Team).", "bugzilla": {"description": "jbigkit: stack-based buffer overflow flaw", "id": "1032273", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1032273"}, "csaw": false, "cvss": {"cvss_base_score": "4.4", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "status": "draft"}, "cwe": "CWE-121", "details": ["Stack-based buffer overflow in the jbg_dec_in function in libjbig/jbig.c in JBIG-KIT before 2.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted image file."], "name": "CVE-2013-6369", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "jbigkit", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2014-04-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-6369\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-6369"], "statement": "This issue did not affect the versions of jbigkit as shipped with Red Hat Enterprise Linux 7, as the issue was corrected before the release of Red Hat Enterprise Linux 7.", "threat_severity": "Moderate"}