jbig2dec: CVE-2017-9216: NULL pointer dereference in the jbig2_huffman_get function

Debian Bug report logs - #863279
jbig2dec: CVE-2017-9216: NULL pointer dereference in the jbig2_huffman_get function

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: jbig2dec: CVE-2017-9216: NULL pointer dereference in the jbig2_huffman_get function

Date: Wed, 24 May 2017 20:40:44 +0200

Source: jbig2dec
Version: 0.13-1
Severity: important
Tags: upstream security
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697934

Hi,

the following vulnerability was published for jbig2dec.

CVE-2017-9216[0]:
| libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and
| Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get
| function in jbig2_huffman.c. For example, the jbig2dec utility will
| crash (segmentation fault) when parsing an invalid file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-9216
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9216
[1] https://bugs.ghostscript.com/show_bug.cgi?id=697934

Regards,
Salvatore

Message #10 received at 863279@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: 863279@bugs.debian.org

Cc: Jonas Smedegaard <dr@jones.dk>

Subject: Re: Bug#863279: jbig2dec: CVE-2017-9216: NULL pointer dereference in the jbig2_huffman_get function

Date: Sat, 27 May 2017 21:20:50 +0200

Control: tags -1 + fixed-upstream

On Wed, May 24, 2017 at 08:40:44PM +0200, Salvatore Bonaccorso wrote:
> Source: jbig2dec
> Version: 0.13-1
> Severity: important
> Tags: upstream security
> Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697934
> 
> Hi,
> 
> the following vulnerability was published for jbig2dec.
> 
> CVE-2017-9216[0]:
> | libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and
> | Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get
> | function in jbig2_huffman.c. For example, the jbig2dec utility will
> | crash (segmentation fault) when parsing an invalid file.
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2017-9216
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9216
> [1] https://bugs.ghostscript.com/show_bug.cgi?id=697934

Fixed upstream with

http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3ebffb1d96ba0cacec23016eccb4047dab365853

Regards,
Salvatore

Message #17 received at 863279-close@bugs.debian.org (full text, mbox, reply):

From: Jonas Smedegaard <dr@jones.dk>

To: 863279-close@bugs.debian.org

Subject: Bug#863279: fixed in jbig2dec 0.13-5

Date: Sat, 23 Sep 2017 11:35:47 +0000

Source: jbig2dec
Source-Version: 0.13-5

We believe that the bug you reported is fixed in the latest version of
jbig2dec, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 863279@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonas Smedegaard <dr@jones.dk> (supplier of updated jbig2dec package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 23 Sep 2017 13:27:40 +0200
Source: jbig2dec
Binary: libjbig2dec0-dev libjbig2dec0 jbig2dec
Architecture: source
Version: 0.13-5
Distribution: unstable
Urgency: medium
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Jonas Smedegaard <dr@jones.dk>
Description:
 jbig2dec   - JBIG2 decoder library - tools
 libjbig2dec0 - JBIG2 decoder library - shared libraries
 libjbig2dec0-dev - JBIG2 decoder library - development files
Closes: 863279
Changes:
 jbig2dec (0.13-5) unstable; urgency=medium
 .
   * Add DEP-3 header to patch 1001.
   * Advertise DEP-3 format in patch headers.
   * Add patches cherry-picked upstream:
     + Fix decoder error on JBIG2 compressed image.
     + Tidy up unused code.
     + Add sanity check on image sizes.
     + refine test for "Denial of Service" images
     + Prevent SEGV due to integer overflow.
     + Prevent integer overflow vulnerability.
     + Bounds check before reading from image source data.
     + Plug leak of parameter info in command-line tool.
     + Fix memory leak in case of error.
     + Make clipping in image compositing handle underflow.
     + Fix double free in error case.
     + Do bounds checking of read data.
     + Do not grow page if page height is known.
     + Fix SEGV due to error code being ignored.
       Closes: Bug#863279; CVE-2017-9216. Thanks to Salvatore Bonaccorso.
     + Allow for symbol dictionary with 0 symbols.
   * Update watch file: Use substitution strings.
   * Stop put aside auto-generated header file during build: No longer
     shipped upstream.
   * Modernize cdbs:
     + Do copyright-check in maintainer script (not during build).
     + Relax to build-depend unversioned on cdbs.
     + Stop build-depend on licensecheck.
   * Declare compliance with Debian Policy 4.1.0.
   * Update copyright info:
     + Use https protocol in file format URL.
     + Fix rename License section AGPL-3 → AGPL-3+.
   * Tighten lintian overrides regarding License-Reference.
Checksums-Sha1:
 8f0414d51a1be00bee0b3f1ae9545ffe9b8046c6 2100 jbig2dec_0.13-5.dsc
 1cf4a0a0b28f5e6ffe0dd9e3cdfa621c7217aec5 30788 jbig2dec_0.13-5.debian.tar.xz
 d1173e06582c8139ee22851a0abfc10f4ad026a0 7204 jbig2dec_0.13-5_amd64.buildinfo
Checksums-Sha256:
 9450b10caa782fdc02b2cf1f7f136ce1c25fbe48790445de82ac6ed62fd991dd 2100 jbig2dec_0.13-5.dsc
 d7c25acd31b24fedc4c8de2cf8a5c6d5acc00e99d78c027da2fa74f23ef246ec 30788 jbig2dec_0.13-5.debian.tar.xz
 fb150e72ae2ebe05fab4c1dfe12e98c50801d80c8ae63ee0e4829ba6bc60a8aa 7204 jbig2dec_0.13-5_amd64.buildinfo
Files:
 5d719be385cc20ff3c41b04fb87bc4d6 2100 libs optional jbig2dec_0.13-5.dsc
 42f4012e11a09a077a6816517028c41c 30788 libs optional jbig2dec_0.13-5.debian.tar.xz
 f845153ec6002f7aea50b83563f2371e 7204 libs optional jbig2dec_0.13-5_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAlnGRXcACgkQLHwxRsGg
ASElEQ/9Fo5K4pEQkBUFcJuhXx+l/XXVKJItqNYhsamZec9M7JUhiKSbr0dmt+R1
c5c9ZI3QvXkS+Vlj19MQWVjXpDEGlzJAgPKlYzBNIPSVHgFN/A83wL8thIzk9w4q
gzftvUrUkyyM1XLb7I7mZYVl2ei0ah5xrFlQphGu6pySj6TGIMSQ4yh5q1nP7CGi
wmkkQGX2BlBpwGR87h/li3nqji7MhbibCcAMW+tQHZlu1V9bIlN63WOeT8pw5qQp
mXPyiowiqvbSE1oS5H7GL/R8R2vQZoZ79REJ345+GotHiq5jBdICLo9FEHaWuZD+
Vd2afhdynsN5sZmnti2V9cYWpmyYsr378FrIWBMhg4tAsntuCppdEoo5n+A7n6iW
XyEvAtaiOjTPWT5oM8AWmDCs1mvhNFw8GTOARrzqH0eTSUI7R5loNDS95XRLaDuZ
zuufcEjpY+poWf4cyItPK1vPRl9aBjuf1GB3SrA3fYhlO7C9dlVv5/pe+vpOlpLz
fFwCIhcnmnm2Oy5hKB/uvS3ldZmz2bygU4vUuyRClNEYzTbu34DGuf09Fhr6qH+4
rdsFwp+xlqgEHCjD9cEZUzDHthQb57k15iQk4d5WfrIVcBfn0+SaqzAFMJGvJlCU
KFQ8mP0y+uuYuqKT78noFl4DImIFOD0S2opOU8M3lPd8nOQWMf8=
=6cJq
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.