A heap-buffer overflow caused by integer overflow was found in ghostscript's jbig2dec-0.13 (a decoder implementation of the JBIG2 image compression format). The vulnerability is caused by an Addition-1 integer overflow. The overflowed value is passed to function ‘malloc’ as the SIZE parameter and a buffer with zero size is allocated. Later, out-of-bound read/write can happen when accessing the buffer. Whether it’s an out-of-bound read vulnerability or out-of-bound write can be controlled by crafting the input .jb2 file. The vulnerability can cause Denial-of-Service or possibly corrupt some memory data.
@ Maintainer(s): Please rev bump and cherry-pick the patch.
According to https://bugs.ghostscript.com/show_bug.cgi?id=697457#c12 upstream is planning release not before March 2017. That's why we are asking maintainer(s) for cherry-picking.
Arches please test and stabilize, target all stable arches
An automated check of this bug failed - the following atom is unknown:
Please verify the atom list.
Stable on alpha.
Stable for HPPA.
Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Vulnerable versions removed
Arches and Maintainer(s), Thank you for your work.
New GLSA Request filed.
Nothing to do for graphics here anymore.
This issue was resolved and addressed in
GLSA 201706-24 at https://security.gentoo.org/glsa/201706-24
by GLSA coordinator Kristian Fiskerstrand (K_F).