CVE-2016-9601
published 2018-04-24
CVE-2016-9601: ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is…
Priority: P4 · 23 · medium · 5.5 (CVSS 3.0)
AV:L / AC:L / PR:N / UI:R / S:U / C:N / I:N / A:H
EPSS: 1.81% (76.0th percentile)
ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted, jbig2 image could trigger a segmentation fault in ghostscript.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artifex | gpl_ghostscript | < 9.21 | 9.21 |
| artifex | jbig2dec | <= 0.13 | — |
| artifex | jbig2dec | >= 0 < 0.13-4 | 0.13-4 |
| artifex | jbig2dec | >= 0 < 0.13-4 | 0.13-4 |
| artifex | jbig2dec | >= 0 < 0.13-4 | 0.13-4 |
| artifex | jbig2dec | >= 0 < 0.13-4 | 0.13-4 |
| artifex | jbig2dec | >= 0 < 0.11+20120125-1ubuntu1.1 | 0.11+20120125-1ubuntu1.1 |
| artifex | jbig2dec | >= 0 < 0.12+20150918-1ubuntu0.1 | 0.12+20150918-1ubuntu0.1 |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | jbig2dec | < jbig2dec 0.13-4 (bookworm) | jbig2dec 0.13-4 (bookworm) |
| python | pillow | >= 0 < 2.3.0-1ubuntu3.4 | 2.3.0-1ubuntu3.4 |
| python | pillow | >= 0 < 2.3.0-1ubuntu3.2 | 2.3.0-1ubuntu3.2 |
| python | pillow | >= 0 < 3.1.2-0ubuntu1.1 | 3.1.2-0ubuntu1.1 |
CVSS provenance
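| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | — | 5.5 | MEDIUM | — |
| vendor_debian | — | 5.3 | MEDIUM | — |
| vendor_redhat | — | 5.3 | MEDIUM | — |
| vendor_ubuntu | — | 5.3 | MEDIUM | — |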
GHSA
GHSA-vf87-jj8q-h556: ghostscript before version 9
ghsa_unreviewed·2022-05-13
CVE-2016-9601 [MEDIUM] CWE-119 GHSA-vf87-jj8q-h556: ghostscript before version 9
OSV
CVE-2016-9601: ghostscript before version 9
osv·2018-04-24·CVSS 5.5
CVE-2016-9601 [MEDIUM] CVE-2016-9601: ghostscript before version 9
OSV
jbig2dec vulnerabilities
osv·2017-05-24·CVSS 5.5
CVE-2016-9601 [MEDIUM] jbig2dec vulnerabilities
Bingchang Liu discovered that jbig2dec incorrectly handled memory when
decoding malformed image files. If a user or automated system were tricked
into processing a specially crafted JBIG2 image file, a remote attacker
could cause jbig2dec to crash, resulting in a denial of service, or
possibly execute arbitrary code. This issue only applied to Ubuntu 14.04
LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9601)
It was discovered that jbig2dec incorrectly handled memory when decoding
malformed image files. If a user or automated system were tricked into
processing a specially crafted JBIG2 image file, a remote attacker could
cause jbig2dec to crash, resulting in a denial of service, or possibly
disclose sensitive information. (CVE-2017-7885)
Jiaqi Peng discovered
OSV
pillow vulnerabilities
osv·2017-03-13·CVSS 5.0
CVE-2014-9601 pillow vulnerabilities
It was discovered that Pillow incorrectly handled certain compressed text
chunks in PNG images. A remote attacker could possibly use this issue to
cause Pillow to crash, resulting in a denial of service. This issue only
affected Ubuntu 14.04 LTS. (CVE-2014-9601)
Cris Neckar discovered that Pillow incorrectly handled certain malformed
images. A remote attacker could use this issue to cause Pillow to crash,
resulting in a denial of service, or possibly obtain sensitive information.
(CVE-2016-9189)
Cris Neckar discovered that Pillow incorrectly handled certain malformed
images. A remote attacker could use this issue to cause Pillow to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2016-9190)
OSV
Pillow vulnerabilities
osv·2016-09-27·CVSS 5.0
CVE-2014-9601 Pillow vulnerabilities
It was discovered that a flaw in processing a compressed text chunk in
a PNG image could cause the image to have a large size when decompressed,
potentially leading to a denial of service. (CVE-2014-9601)
Andrew Drake discovered that Pillow incorrectly validated input. A remote
attacker could use this to cause Pillow to crash, resulting in a denial
of service. (CVE-2014-3589)
Eric Soroos discovered that Pillow incorrectly handled certain malformed
FLI, Tiff, and PhotoCD files. A remote attacker could use this issue to
cause Pillow to crash, resulting in a denial of service.
(CVE-2016-0740, CVE-2016-0775, CVE-2016-2533)
Ubuntu
jbig2dec vulnerabilities
vendor_ubuntu·2017-05-24·CVSS 5.3
CVE-2016-9601 [MEDIUM] jbig2dec vulnerabilities
Title: jbig2dec vulnerabilities
Summary: Several security issues were fixed in jbig2dec.
Red Hat
ghostscript: Heap-buffer overflow due to Integer overflow in jbig2_image_new function
vendor_redhat·2016-12-28·CVSS 5.3
CVE-2016-9601 [MEDIUM] CWE-190 ghostscript: Heap-buffer overflow due to Integer overflow in jbig2_image_new function
A heap based buffer overflow was found in the ghostscript jbig2_decode_gray_scale_image() function used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted, jbig2 image could trigger a segmentation fault in ghostscript.
Package: ghostscript (Red Hat Enterprise Linux 5) - Not affected
Package: ghostscript (
Debian
CVE-2016-9601: jbig2dec - ghostscript before version 9.21 is vulnerable to a heap based buffer overflow th...
vendor_debian·2016·CVSS 5.3
CVE-2016-9601 [MEDIUM] CVE-2016-9601: jbig2dec - ghostscript before version 9.21 is vulnerable to a heap based buffer overflow th...
Scope: local
bookworm: resolved (fixed in 0.13-4)
bullseye: resolved (fixed in 0.13-4)
forky: resolved (fixed in 0.13-4)
sid: resolved (fixed in 0.13-4)
trixie: resolved (fixed in 0.13-4)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-7976 jbig2dec: Integer overflow in the jbig2_image_compose_function
bugzilla·2017-04-20·CVSS 5.3
CVE-2017-7976 [MEDIUM] CVE-2017-7976 jbig2dec: Integer overflow in the jbig2_image_compose_function
Artifex jbig2dec allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose function in jbig2_image.c during operations on a crafted .jb2 file, leading to a denial of service (application crash).
Upstream bug:
https://bugs.ghostscript.com/show_bug.cgi?id=697683
Discussion:
Created jbig2dec tracking bugs for this issue:
Affects: epel-all [bug 1443899]
Affects: fedora-all [bug 1443898]
---
Created ghostscript tracking bugs for this issue:
Affects: fedora-all [bug 1443934]
Created mupdf tracking bugs for this issue:
Affects: fedora-all [bug 1443933]
---
Acknowledgments:
Name: Dai Ge (Chinese Academy of Sciences)
---
CVE-2017-7976 is a regression caused by the upst
Bugzilla
CVE-2016-9601 ghostscript: Heap-buffer overflow due to Integer overflow in jbig2_image_new function
bugzilla·2017-01-04·CVSS 5.3
CVE-2016-9601 [MEDIUM] CVE-2016-9601 ghostscript: Heap-buffer overflow due to Integer overflow in jbig2_image_new function
A heap-buffer overflow caused by integer overflow was found in ghostscript's jbig2dec-0.13 (a decoder implementation of the JBIG2 image compression format). The vulnerability is caused by an Addition-1 integer overflow. The overflowed value is passed to function ‘malloc’ as the SIZE parameter and a buffer with zero size is allocated. Later, out-of-bound read/write can happen when accessing the buffer. Whether it’s an out-of-bound read vulnerability or out-of-bound write can be controlled by crafting the input .jb2 file. The vulnerability can cause Denial-of-Service or possibly corrupt some memory data.
Upstream bug:
https://bugs.ghostscript.com/show_bug.cgi?id=697457
Discussion:
Acknowl
Bugzilla
CVE-2016-9601 ghostscript: Heap-buffer overflow due to Integer overflow in jbig2_image_new function [fedora-all]
bugzilla·2017-01-04·CVSS 5.3
CVE-2016-9601 [MEDIUM] CVE-2016-9601 ghostscript: Heap-buffer overflow due to Integer overflow in jbig2_image_new function [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affe
http://git.ghostscript.com/?p=jbig2dec.git%3Ba=commit%3Bh=e698d5c11d27212aa1098bc5b1673a3378563092
http://www.securityfocus.com/bid/97095
https://bugs.ghostscript.com/show_bug.cgi?id=697457
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9601
https://security.gentoo.org/glsa/201706-24
https://www.debian.org/security/2017/dsa-3817
Published: 2018-04-24