Home

CVE-2016-9601

Description

ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted, jbig2 image could trigger a segmentation fault in ghostscript.

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.45

Associated Vulnerability

VulnerabilityOS Platform
JBIG2 decoder library (USN-3297-1) jbig2dec_0.13-2ubuntu0.1_i386.debLinux
JBIG2 decoder library (USN-3297-1) jbig2dec_0.13-2ubuntu0.1_amd64.debLinux
JBIG2 decoder library (USN-3297-1) jbig2dec_0.13-4ubuntu0.1_i386.debLinux
JBIG2 decoder library (USN-3297-1) jbig2dec_0.13-4ubuntu0.1_amd64.debLinux
JBIG2 decoder library (USN-3297-1) jbig2dec_0.11+20120125-1ubuntu1.1_i386.debLinux
JBIG2 decoder library (USN-3297-1) jbig2dec_0.11+20120125-1ubuntu1.1_amd64.debLinux
JBIG2 decoder library (USN-3297-1) jbig2dec_0.12+20150918-1ubuntu0.1_i386.debLinux
JBIG2 decoder library (USN-3297-1) jbig2dec_0.12+20150918-1ubuntu0.1_amd64.debLinux
JBIG2 decoder library (USN-3297-1) libjbig2dec0_0.13-2ubuntu0.1_i386.debLinux
JBIG2 decoder library (USN-3297-1) libjbig2dec0_0.13-2ubuntu0.1_amd64.debLinux
JBIG2 decoder library (USN-3297-1) libjbig2dec0_0.13-4ubuntu0.1_i386.debLinux
JBIG2 decoder library (USN-3297-1) libjbig2dec0_0.13-4ubuntu0.1_amd64.debLinux
JBIG2 decoder library (USN-3297-1) libjbig2dec0_0.11+20120125-1ubuntu1.1_i386.debLinux
JBIG2 decoder library (USN-3297-1) libjbig2dec0_0.11+20120125-1ubuntu1.1_amd64.debLinux
JBIG2 decoder library (USN-3297-1) libjbig2dec0_0.12+20150918-1ubuntu0.1_i386.debLinux
JBIG2 decoder library (USN-3297-1) libjbig2dec0_0.12+20150918-1ubuntu0.1_amd64.debLinux
jbig2dec security update(DSA-3817-1) jbig2dec_0.13-4~deb8u1_i386.debLinux
jbig2dec security update(DSA-3817-1) jbig2dec_0.13-4~deb8u1_amd64.debLinux
jbig2dec security update(DSA-3817-1) jbig2dec_0.13-4~deb8u1_kfreebsd-i386.debLinux
jbig2dec security update(DSA-3817-1) jbig2dec_0.13-4~deb8u1_kfreebsd-amd64.debLinux
SUSE-SU-2018:1369-1(SUSE Linux Enterprise Server 11-SP4 ) ghostscript-fonts-other-8.62-32.47.10.1.x86_64.rpmLinux
SUSE-SU-2018:1369-1(SUSE Linux Enterprise Server 11-SP4 ) ghostscript-fonts-rus-8.62-32.47.10.1.x86_64.rpmLinux
SUSE-SU-2018:1369-1(SUSE Linux Enterprise Server 11-SP4 ) ghostscript-fonts-std-8.62-32.47.10.1.x86_64.rpmLinux
SUSE-SU-2018:1369-1(SUSE Linux Enterprise Server 11-SP4 ) ghostscript-library-8.62-32.47.10.1.x86_64.rpmLinux
SUSE-SU-2018:1369-1(SUSE Linux Enterprise Server 11-SP4 ) ghostscript-omni-8.62-32.47.10.1.x86_64.rpmLinux
SUSE-SU-2018:1369-1(SUSE Linux Enterprise Server 11-SP4 ) ghostscript-x11-8.62-32.47.10.1.x86_64.rpmLinux
SUSE-SU-2018:1369-1(SUSE Linux Enterprise Server 11-SP4 ) libgimpprint-4.2.7-32.47.10.1.x86_64.rpmLinux
SUSE-SU-2017:1404-1(SUSE Linux Enterprise Desktop 12-SP1 ) ghostscript-9.15-22.1.x86_64.rpmLinux
SUSE-SU-2017:1404-1(SUSE Linux Enterprise Desktop 12-SP1 ) ghostscript-debuginfo-9.15-22.1.x86_64.rpmLinux
SUSE-SU-2017:1404-1(SUSE Linux Enterprise Desktop 12-SP1 ) ghostscript-debugsource-9.15-22.1.x86_64.rpmLinux
SUSE-SU-2017:1404-1(SUSE Linux Enterprise Desktop 12-SP1 ) ghostscript-x11-9.15-22.1.x86_64.rpmLinux
SUSE-SU-2017:1404-1(SUSE Linux Enterprise Desktop 12-SP1 ) ghostscript-x11-debuginfo-9.15-22.1.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234