CVE-2016-9601

Description

ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted, jbig2 image could trigger a segmentation fault in ghostscript.

CVSS Metrics

• v3.0•MEDIUM•Score: 5.3CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
• v3.0•MEDIUM•Score: 5.5CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
• v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 0.45%• Percentile: 64%

Techniques & Countermeasures

• CWE-119•Improper Restriction of Operations within the Bounds of a Memory Buffer

  The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

• CWE-190•Integer Overflow or Wraparound

  The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Affected Systems

• artifex•gpl_ghostscript

  < 9.21

• artifex•jbig2dec

  ≤ 0.13

• debian•debian_linux

  8.0 | 9.0

• unspecified•ghostscript

  ghostscript 0.14

References (6)

• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9601
• http://www.securityfocus.com/bid/97095
• http://git.ghostscript.com/?p=jbig2dec.git%3Ba=commit%3Bh=e698d5c11d27212aa1098bc5b1673a3378563092
• https://security.gentoo.org/glsa/201706-24
• https://www.debian.org/security/2017/dsa-3817
• https://bugs.ghostscript.com/show_bug.cgi?id=697457