Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 607188 (CVE-2016-9601) - <media-libs/jbig2dec-0.13-r1: Heap-buffer overflow due to Integer overflow in jbig2_image_new function
Summary: <media-libs/jbig2dec-0.13-r1: Heap-buffer overflow due to Integer overflow in...
Status: RESOLVED FIXED
Alias: CVE-2016-9601
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A3 [glsa cve]
Keywords:
Depends on:
Blocks: 545234
  Show dependency tree
 
Reported: 2017-01-25 15:01 UTC by Thomas Deutschmann
Modified: 2017-06-22 18:36 UTC (History)
0 users

See Also:
Package list:
=media-libs/jbig2dec-0.13-r1
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Deutschmann gentoo-dev Security 2017-01-25 15:01:26 UTC
A heap-buffer overflow caused by integer overflow was found in ghostscript's jbig2dec-0.13 (a decoder implementation of the JBIG2 image compression format). The vulnerability is caused by an Addition-1 integer overflow. The overflowed value is passed to function ‘malloc’ as the SIZE parameter and a buffer with zero size is allocated. Later, out-of-bound read/write can happen when accessing the buffer. Whether it’s an out-of-bound read vulnerability or out-of-bound write can be controlled by crafting the input .jb2 file. The vulnerability can cause Denial-of-Service or possibly corrupt some memory data.

Upstream bug:

https://bugs.ghostscript.com/show_bug.cgi?id=697457

Upstream patch:

http://git.ghostscript.com/?p=jbig2dec.git;a=commitdiff;h=e698d5c11d27212aa1098bc5b1673a3378563092


@ Maintainer(s): Please rev bump and cherry-pick the patch.
Comment 1 Thomas Deutschmann gentoo-dev Security 2017-01-25 15:06:45 UTC
According to https://bugs.ghostscript.com/show_bug.cgi?id=697457#c12 upstream is planning release not before March 2017. That's why we are asking maintainer(s) for cherry-picking.
Comment 2 Andreas K. Hüttel gentoo-dev 2017-02-19 17:52:17 UTC
Arches please test and stabilize, target all stable arches

=media-libs/jbig2dec-0.13-r1
Comment 3 Stabilization helper bot gentoo-dev 2017-02-19 18:00:55 UTC
An automated check of this bug failed - the following atom is unknown:

media-libs/jbig2dec-0.13-r1

Please verify the atom list.
Comment 4 Tobias Klausmann gentoo-dev 2017-02-21 11:55:54 UTC
Stable on alpha.
Comment 5 Jeroen Roovers gentoo-dev 2017-02-22 08:08:24 UTC
Stable for HPPA.
Comment 6 Agostino Sarubbo gentoo-dev 2017-02-22 15:08:23 UTC
amd64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2017-02-22 16:10:37 UTC
x86 stable
Comment 8 Michael Weber (RETIRED) gentoo-dev 2017-02-23 09:29:11 UTC
ppc64 stable.
Comment 9 Agostino Sarubbo gentoo-dev 2017-02-24 14:08:33 UTC
ppc stable
Comment 10 Agostino Sarubbo gentoo-dev 2017-02-25 10:05:03 UTC
sparc stable
Comment 11 Markus Meier gentoo-dev 2017-02-28 17:31:55 UTC
arm stable
Comment 12 Agostino Sarubbo gentoo-dev 2017-03-11 17:18:00 UTC
ia64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 13 Andreas K. Hüttel gentoo-dev 2017-03-11 18:09:40 UTC
Vulnerable versions removed
Comment 14 Yury German Gentoo Infrastructure gentoo-dev Security 2017-03-24 05:08:12 UTC
Arches and Maintainer(s), Thank you for your work.

New GLSA Request filed.
Comment 15 Andreas K. Hüttel gentoo-dev 2017-06-09 23:30:25 UTC
Nothing to do for graphics here anymore.
Comment 16 GLSAMaker/CVETool Bot gentoo-dev 2017-06-22 18:36:19 UTC
This issue was resolved and addressed in
 GLSA 201706-24 at https://security.gentoo.org/glsa/201706-24
by GLSA coordinator Kristian Fiskerstrand (K_F).