Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file, leading to a denial of service (application crash) or possibly execution of arbitrary code. Upstream bug: https://bugs.ghostscript.com/show_bug.cgi?id=697693
Acknowledgments: Jiaqi Peng (Chinese Academy of Sciences)
Created jbig2dec tracking bugs for this issue: Affects: epel-all [bug 1443899]
Note: in a 64-bit environment, the OOB write concerns only the 0xffffffffxxxxxxxx range. This range is at best read-only, and thus would not lead to possible arbitrary code execution.
Reducing impact to low based on comment 4.
The vulnerability requires a user-defined Huffman table to be triggered. Ghostscript versions prior to 9.00 are not affected by this vulnerability. As a result:
* RHEL-7 is shipped with only the 64-bit version of ghostscript, and is only vulnerable to DoS
* RHEL-5 & 6 are not affected.
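A simplified model of the Huffman table construction the description above refers to, added here as an illustration and not jbig2dec's own code (jbig2_build_huffman_table differs in detail): it assigns canonical prefix codes as in JBIG2 Annex B.3 and fills a decode table of 1 << max PREFLEN entries, rejecting file-supplied prefix lengths before they can overflow the size computation. The MAX_PREFLEN bound and the function names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <limits.h>
/* Model of building a JBIG2 Huffman decode table from its lines' prefix lengths
 * (PREFLEN). The table holds 1 << max PREFLEN entries; in a user-defined table
 * the PREFLEN values come straight from the file, so an unchecked length can
 * overflow a 32-bit size computation and turn every later table write into an OOB write. */
#define MAX_PREFLEN 32  /* assumed bound: a prefix longer than a 32-bit code word cannot be decoded */
/* Largest PREFLEN among the lines, or -1 if any length is out of range. */
int huff_max_preflen(const int *preflen, int n)
{
    int max_len = 0;
    for (int i = 0; i < n; i++) {
        if (preflen[i] < 0 || preflen[i] > MAX_PREFLEN) return -1;  /* reject before any shift or allocation */
        if (preflen[i] > max_len) max_len = preflen[i];
    }
    return max_len;
}
/* Assign canonical prefix codes (JBIG2 Annex B.3) and fill a table indexed by the
 * next max_len input bits: table[j] = line index, or -1 if no code matches.
 * Returns NULL (and leaves *entries untouched) when the lines are rejected. */
int *huff_build_table(const int *preflen, int n, size_t *entries)
{
    int max_len = huff_max_preflen(preflen, n);
    if (max_len < 0 || max_len >= (int)(sizeof(size_t) * CHAR_BIT)) return NULL;
    size_t count = (size_t)1 << max_len;   /* well-defined: max_len < bit width of size_t */
    int *table = malloc(count * sizeof *table);
    if (table == NULL) return NULL;
    for (size_t j = 0; j < count; j++) table[j] = -1;
    int lencount[MAX_PREFLEN + 1] = {0};   /* lencount[0] stays 0: PREFLEN 0 lines are unused */
    for (int i = 0; i < n; i++) if (preflen[i] > 0) lencount[preflen[i]]++;
    uint64_t firstcode = 0;                /* 64-bit so (code + 1) cannot wrap at PREFLEN 32 */
    for (int len = 1; len <= max_len; len++) {
        firstcode = (firstcode + (uint64_t)lencount[len - 1]) << 1;
        uint64_t code = firstcode;
        for (int i = 0; i < n; i++) {
            if (preflen[i] != len) continue;
            size_t lo = (size_t)(code << (max_len - len));
            size_t hi = (size_t)((code + 1) << (max_len - len));
            for (size_t j = lo; j < hi && j < count; j++) table[j] = i;  /* j < count: over-subscribed lengths cannot write past the table */
            code++;
        }
    }
    *entries = count;
    return table;
}
```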