CVE-2016-9601

Опубликовано: 28 дек. 2016

Источник: redhat

CVSS3: 5.3

EPSS Низкий

Описание

ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted, jbig2 image could trigger a segmentation fault in ghostscript.

A heap based buffer overflow was found in the ghostscript jbig2_decode_gray_scale_image() function used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted, jbig2 image could trigger a segmentation fault in ghostscript.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	ghostscript	Not affected
Red Hat Enterprise Linux 6	ghostscript	Not affected
Red Hat Enterprise Linux 7	ghostscript	Will not fix
Red Hat OpenShift Enterprise 2	ghostscript	Under investigation

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-190->CWE-122

https://bugzilla.redhat.com/show_bug.cgi?id=1410021ghostscript: Heap-buffer overflow due to Integer overflow in jbig2_image_new function

EPSS

Процентиль: 63%

0.0045

Низкий

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2016-9601

CVSS3: 5.3

ubuntu

почти 8 лет назад

CVE-2016-9601

CVSS3: 5.3

nvd

почти 8 лет назад

CVE-2016-9601

CVSS3: 5.3

debian

почти 8 лет назад

ghostscript before version 9.21 is vulnerable to a heap based buffer o ...

GHSA-vf87-jj8q-h556

CVSS3: 5.5

github

больше 3 лет назад

SUSE-SU-2018:1369-1

suse-cvrf

больше 7 лет назад

Security update for ghostscript-library

EPSS

Процентиль: 63%

0.0045

Низкий

5.3 Medium

CVSS3