CVE-2016-9601

Published: 24/04/2018 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

Ghostscript before version 9.21 is vulnerable to a heap-based buffer overflow in the jbig2_decode_gray_scale_image function, which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted JBIG2 image could trigger a segmentation fault in Ghostscript.

Vulnerable Product

artifex gpl ghostscript

debian debian linux 8.0

debian debian linux 9.0

artifex jbig2dec

Vendor Advisories

Debian Bug report logs - #850497: jbig2dec: CVE-2016-9601: Heap-buffer overflow due to Integer overflow in jbig2_image_new function. Package: src:jbig2dec; Maintainer for src:jbig2dec is Debian Printing Team <debian-printing@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 7 Jan 2017 ...
Several security issues were fixed in jbig2dec ...
Multiple security issues have been found in the JBIG2 decoder library, which may lead to denial of service or the execution of arbitrary code if a malformed image file (usually embedded in a PDF document) is opened. For the stable distribution (jessie), this problem has been fixed in version 013-4~deb8u1. For the upcoming stable distributi ...