PT-2016-7789 · Artifex+3 · Ghostscript+3

Bingchang Liu · Published 2016-12-31 · Updated 2024-08-19 · CVE-2016-9601

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Ghostscript versions prior to 9.21

Description

The issue is a heap-based buffer overflow in the jbig2_decode_gray_scale_image function, which is used for decoding halftone segments in JBIG2 images. A document, such as PostScript or PDF, containing a specially crafted JBIG2 image could trigger a segmentation fault in Ghostscript.

Recommendations

For versions prior to 9.21, update to version 9.21 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the jbig2_decode_gray_scale_image function until a patch is available. Restrict access to documents with embedded JBIG2 images to minimize the risk of exploitation.

Fix

Buffer Overflow

Integer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2018-2344
ALT-PU-2020-3377
ALT-PU-2020-3413
ALT-PU-2024-11124
CVE-2016-9601
DLA-874-1
DSA-3817-1
MGASA-2017-0133
MGASA-2017-0206
OPENSUSE-SU-2017_1203-1
SUSE-SU-2017:1138-1
SUSE-SU-2017:1404-1
SUSE-SU-2018:1140-1
SUSE-SU-2018:1369-1
SUSE-SU-2018_1369-1
USN-3297-1

Affected Products

Alt Linux
Suse
Ubuntu
Ghostscript