Memory corruption vulnerability in Ghostscript via a buffer overflow in the jbig2_decode_gray_scale_image function
Description
A heap-based buffer overflow was found in Ghostscript's jbig2_decode_gray_scale_image function, which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted JBIG2 image can trigger a segmentation fault in Ghostscript.
Affected software versions
- Ghostscript versions before 9.21
Vulnerability type
Heap-based buffer overflow
EPSS
CVSS3: 5.3 Medium
CVSS3: 5.5 Medium
CVSS2: 4.3 Medium
Defects
Related vulnerabilities
ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted, jbig2 image could trigger a segmentation fault in ghostscript.