CVE-2016-9601

Priority
Description
ghostscript before version 9.21 is vulnerable to a heap based buffer
overflow that was found in the ghostscript jbig2_decode_gray_scale_image
function which is used to decode halftone segments in a JBIG2 image. A
document (PostScript or PDF) with an embedded, specially crafted, jbig2
image could trigger a segmentation fault in ghostscript.
Assigned-to
mdeslaur
Package
Upstream:released (0.13-4)
Ubuntu 12.04 ESM (Precise Pangolin):needed
Trusty/esm:released (0.11+20120125-1ubuntu1.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (0.12+20150918-1ubuntu0.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (0.13-4.1)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (0.13-4.1)
Ubuntu 19.04 (Disco Dingo):not-affected (0.13-4.1)
Ubuntu 19.10 (Eoan):not-affected (0.13-4.1)
Patches:
Upstream:http://git.ghostscript.com/?p=jbig2dec.git;a=commit;h=1369359f21a1c8a055cc745f920b17fbc3f30efd (bp)
Upstream:http://git.ghostscript.com/?p=jbig2dec.git;a=commit;h=e698d5c11d27212aa1098bc5b1673a3378563092
Upstream:http://git.ghostscript.com/?p=jbig2dec.git;a=commit;h=9d2c4f3bdb0bd003deae788e7187c0f86e624544
More Information

Updated: 2019-04-26 14:18:21 UTC (commit 30899e40836d26e1bb5f0b072d31fd87b6cf3bd4)