CVE-2023-46361: 
NixOS vulnerability analysis and mitigation

CVE-2023-46361 is a vulnerability discovered in Artifex Software jbig2dec version 0.20. The vulnerability was published on October 31, 2023, and affects the jbig2dec library, specifically involving a SEGV (Segmentation Violation) issue in the jbig2_error function located at /jbig2dec/jbig2.c (NVD, GitHub POC).

The vulnerability is classified with a CVSS v3.1 Base Score of 6.5 (Medium severity), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. The issue specifically manifests as a segmentation violation in the jbig2_error function, which can be triggered through network access with user interaction required. The vulnerability has been categorized under CWE-400 (Uncontrolled Resource Consumption) (NVD).

The primary impact of this vulnerability is on system availability. When successfully exploited, it can lead to a Denial of Service (DoS) condition through a segmentation fault in the affected component. The vulnerability affects the availability aspect while maintaining the confidentiality and integrity of the system (GitHub POC).

Various Linux distributions have released security updates to address this vulnerability. Users are advised to upgrade their jbig2dec packages to the latest available version through their respective package managers (Rapid7).