CVE-2016-9601

Priority
Description
ghostscript before version 9.21 is vulnerable to a heap based buffer
overflow that was found in the ghostscript jbig2_decode_gray_scale_image
function which is used to decode halftone segments in a JBIG2 image. A
document (PostScript or PDF) with an embedded, specially crafted, jbig2
image could trigger a segmentation fault in ghostscript.
Assigned-to
mdeslaur
Notes
Package
Upstream:released (0.13-4)
Ubuntu 12.04 ESM (Precise Pangolin):needed
Ubuntu 14.04 ESM (Trusty Tahr):released (0.11+20120125-1ubuntu1.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (0.12+20150918-1ubuntu0.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (0.13-4.1)
Ubuntu 19.04 (Disco Dingo):not-affected (0.13-4.1)
Ubuntu 19.10 (Eoan):not-affected (0.13-4.1)
Patches:
Upstream:http://git.ghostscript.com/?p=jbig2dec.git;a=commit;h=1369359f21a1c8a055cc745f920b17fbc3f30efd (bp)
Upstream:http://git.ghostscript.com/?p=jbig2dec.git;a=commit;h=e698d5c11d27212aa1098bc5b1673a3378563092
Upstream:http://git.ghostscript.com/?p=jbig2dec.git;a=commit;h=9d2c4f3bdb0bd003deae788e7187c0f86e624544
More Information

Updated: 2019-10-18 02:28:49 UTC (commit cccfc4426d8c1fbf582a89d981fe7fc812124543)