CVE - CVE-2016-9601

CVE-ID
CVE-2016-9601	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted, jbig2 image could trigger a segmentation fault in ghostscript.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:97095 URL:http://www.securityfocus.com/bid/97095 CONFIRM:http://git.ghostscript.com/?p=jbig2dec.git;a=commit;h=e698d5c11d27212aa1098bc5b1673a3378563092 CONFIRM:https://bugs.ghostscript.com/show_bug.cgi?id=697457 DEBIAN:DSA-3817 URL:https://www.debian.org/security/2017/dsa-3817 GENTOO:GLSA-201706-24 URL:https://security.gentoo.org/glsa/201706-24 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9601
Assigning CNA
Red Hat, Inc.
Date Record Created
20161123	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20161123)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)