Red Hat Bugzilla – Bug 1410021
CVE-2016-9601 ghostscript: Heap-buffer overflow due to Integer overflow in jbig2_image_new function
Last modified: 2017-01-04 10:35:31 EST
A heap-buffer overflow caused by an integer overflow was found in ghostscript's jbig2dec-0.13 (a decoder implementation of the JBIG2 image compression format). The vulnerability is caused by an Addition-1 integer overflow. The overflowed value is passed to the function 'malloc' as the SIZE parameter, and a buffer with zero size is allocated. Later, an out-of-bounds read/write can happen when accessing the buffer. Whether it is an out-of-bounds read or an out-of-bounds write can be controlled by crafting the input .jb2 file. The vulnerability can cause Denial-of-Service or possibly corrupt some memory data.
Name: Bingchang Liu (IIE)
Created ghostscript tracking bugs for this issue:
Affects: fedora-all [bug 1410022]
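The class of bug described above, shown as an added example that is not jbig2dec's code: a 32-bit size that wraps to zero on "+ 1" next to a checked allocation that refuses it. The function names and the stride * height + 1 formula are assumptions for illustration; the report only states that an addition of 1 overflows before the value reaches malloc.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked pattern (hypothetical formula): all arithmetic is 32-bit, so
 * stride * height + 1 wraps. With stride * height == UINT32_MAX the result
 * is 0 and malloc() would be asked for a zero-size buffer. */
uint32_t size_unchecked(uint32_t stride, uint32_t height)
{
    return stride * height + 1u;
}

/* Checked pattern: reject empty dimensions and any input for which the
 * multiplication or the trailing + 1 would wrap, before allocating.
 * Returns 0 on success, -1 on rejected input or allocation failure. */
int alloc_checked(uint32_t stride, uint32_t height,
                  uint8_t **out, uint32_t *size_out)
{
    *out = NULL;
    *size_out = 0;
    if (stride == 0 || height == 0)
        return -1;
    /* stride * height + 1 <= UINT32_MAX  <=>  stride <= (UINT32_MAX - 1) / height */
    if (stride > (UINT32_MAX - 1u) / height)
        return -1;
    uint32_t size = stride * height + 1u;
    uint8_t *p = calloc(1, size);
    if (p == NULL)
        return -1;
    *out = p;
    *size_out = size;
    return 0;
}

int main(void)
{
    uint8_t *buf;
    uint32_t size;
    /* Constructed inputs: the first makes the +1 wrap, the second is sane. */
    printf("unchecked size for (0xFFFFFFFF, 1): %u\n",
           (unsigned)size_unchecked(UINT32_MAX, 1));
    printf("checked alloc for (0xFFFFFFFF, 1): %d\n",
           alloc_checked(UINT32_MAX, 1, &buf, &size));
    if (alloc_checked(16, 8, &buf, &size) == 0) {
        printf("checked alloc for (16, 8): %u bytes\n", (unsigned)size);
        free(buf);
    }
    return 0;
}
```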