From ${URL} :

Description
Red Hat Product Security Team has reported a vulnerability in JBIG-KIT, which can be exploited by malicious people to compromise an application using the library.

The vulnerability is caused by a boundary error in the "jbg_dec_in()" function (jbig.c), which can be exploited to cause a buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions prior to 2.1.

Solution:
Update to version 2.1.

Provided and/or discovered by:
Florian Weimer, Red Hat Product Security Team.

Original Advisory:
JBIG-KIT:
https://www.cl.cam.ac.uk/~mgk25/jbigkit/CHANGES

Red Hat Product Security Team:
https://bugzilla.redhat.com/show_bug.cgi?id=1032273

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
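The only remediation the advisory gives is "update to version 2.1", so the practical check on a system is whether the installed media-libs/jbigkit version is older than that release. The POSIX shell snippet below is an added example, not part of this bug thread and not code from JBIG-KIT or Gentoo; the function names and the sample version strings are constructed for the example, and it assumes Gentoo-style versions (an upstream "major.minor" optionally followed by a "-rN" revision suffix).

```shell
#!/bin/sh
# Added example: decide whether a media-libs/jbigkit version string is
# affected by CVE-2013-6369, i.e. whether it is older than the fixed
# release 2.1 named in the advisory. Not code from JBIG-KIT or Gentoo.

# strip_revision VERSION: drop a Gentoo revision suffix such as "-r1"
# (constructed helper) and print the upstream version that remains.
strip_revision() {
    printf '%s\n' "$1" | sed 's/-r[0-9]*$//'
}

# jbigkit_affected VERSION
# Returns 0 (true) when VERSION is older than 2.1, 1 (false) otherwise.
# Only the major and minor components matter for this comparison.
jbigkit_affected() {
    v=$(strip_revision "$1")
    major=${v%%.*}
    rest=${v#*.}
    # A version with no dot at all is treated as "major.0".
    if [ "$rest" = "$v" ]; then
        minor=0
    else
        minor=${rest%%.*}
    fi
    if [ "$major" -lt 2 ]; then
        return 0
    elif [ "$major" -eq 2 ] && [ "$minor" -lt 1 ]; then
        return 0
    fi
    return 1
}

# report_version VERSION: print a one-line verdict for humans.
report_version() {
    if jbigkit_affected "$1"; then
        printf '%s: affected by CVE-2013-6369, update to >=media-libs/jbigkit-2.1\n' "$1"
    else
        printf '%s: not affected (2.1 or newer)\n' "$1"
    fi
}

# Sample version strings, constructed for this example, to exercise the check.
for sample in 1.6 2.0 2.0-r1 2.1 2.1-r1 3.0; do
    report_version "$sample"
done
```

In practice the version string would come from the package manager's installed-package listing rather than the constructed samples; the comparison deliberately ignores anything after the minor component, since the advisory fixes the boundary at 2.1 and a later revision of 2.1 carries the same upstream code.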
Please test and stabilize: =media-libs/jbigkit-2.1
Stable for HPPA.
amd64 stable
x86 stable
ppc stable
alpha stable
arm stable
CVE-2013-6369 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6369): Stack-based buffer overflow in the jbg_dec_in function in libjbig/jbig.c in JBIG-KIT before 2.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted image file.
ppc64 stable
ia64 stable
sparc stable. Maintainer(s), please clean up. Security, please add it to the existing request, or file a new one.
Arches and Maintainer(s), thank you for your work. Added to new GLSA request.
This issue was resolved and addressed in GLSA 201405-20 at http://security.gentoo.org/glsa/glsa-201405-20.xml by GLSA coordinator Mikle Kolyada (Zlogene).