Bug#850497: jbig2dec: CVE-2016-9601: Heap-buffer overflow due to Integer overflow in jbig2_image_new function
Source: jbig2dec
Version: 0.13-3
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for jbig2dec.
NOTE: Actually not much has been published yet. There is an upstream
bugreport at [1], so I opening this bug in the Debian BTS to help
tracking the issue. There is a report, but it is restricted to the
developers yet. From a look at the trace and the current code some
issue might be present, but it is not really possible to say more yet
without having access to the report ... hope you as maintainers could
find more out from upstream. There is as well no patch referenced yet.
CVE-2016-9601[0]:
Heap-buffer overflow due to Integer overflow in jbig2_image_new function
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-9601
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9601
[1] https://bugs.ghostscript.com/show_bug.cgi?id=697457
Please adjust the affected versions in the BTS as needed, once more
known.
Regards,
Salvatore
Reply to: