CVE-2016-9601
Published: 31 December 2016
ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted, jbig2 image could trigger a segmentation fault in ghostscript.
Priority
CVSS 3 base score: 5.5
Status
| Package | Release | Status |
|---|---|---|
|
jbig2dec Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(0.13-4.1)
|
| bionic |
Not vulnerable
(0.13-4.1)
|
|
| cosmic |
Not vulnerable
(0.13-4.1)
|
|
| disco |
Not vulnerable
(0.13-4.1)
|
|
| eoan |
Not vulnerable
(0.13-4.1)
|
|
| focal |
Not vulnerable
(0.13-4.1)
|
|
| groovy |
Not vulnerable
(0.13-4.1)
|
|
| hirsute |
Not vulnerable
(0.13-4.1)
|
|
| precise |
Ignored
(end of ESM support, was needed)
|
|
| trusty |
Released
(0.11+20120125-1ubuntu1.1)
|
|
| upstream |
Released
(0.13-4)
|
|
| xenial |
Released
(0.12+20150918-1ubuntu0.1)
|
|
| yakkety |
Released
(0.13-2ubuntu0.1)
|
|
| zesty |
Not vulnerable
(0.13-4)
|
|
|
Patches: upstream: http://git.ghostscript.com/?p=jbig2dec.git;a=commit;h=1369359f21a1c8a055cc745f920b17fbc3f30efd (bp) upstream: http://git.ghostscript.com/?p=jbig2dec.git;a=commit;h=e698d5c11d27212aa1098bc5b1673a3378563092 upstream: http://git.ghostscript.com/?p=jbig2dec.git;a=commit;h=9d2c4f3bdb0bd003deae788e7187c0f86e624544 |
||