Bug 1018128 (CVE-2016-9601) - VUL-1: CVE-2016-9601: ghostscript,ghostscript-library,jbig2dec: Heap-buffer overflow due to Integer overflow in jbig2_image_new function
Status: RESOLVED FIXED
Alias: CVE-2016-9601
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P4 - Low; Severity: Minor
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/178245/
Whiteboard: CVSSv2:SUSE:CVE-2016-9601:3.3:(AV:L/A...
Reported: 2017-01-04 15:40 UTC by Andreas Stieger
Modified: 2020-06-11 20:31 UTC

Found By: Security Response Team


Description Andreas Stieger 2017-01-04 15:40:36 UTC
https://bugs.ghostscript.com/show_bug.cgi?id=697457

The vulnerability is caused by an Addition-1 integer overflow. The overflowed value will be passed to function ‘malloc’ as the SIZE parameter and a buffer with 0 size is allocated. Later, out-of-bound read/write can happen when accessing the buffer. Whether it’s an out-of-bound read vulnerability or out-of-bound write can be controlled by crafting the input .jb2 file. The vulnerability can cause Denial-of-Service (maybe corrupt some key memory data).

ghostscript has the lib bundled, openSUSE has a stand-alone jbig2dec package in addition.


References:
https://bugzilla.redhat.com/show_bug.cgi?id=1410021
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9601
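
The size arithmetic described above, as an added C example (not jbig2dec's code and not part of the original report): a trailing "+ 1" that wraps to 0 in 32 bits, beside a widened and bounded computation. The function names, the stride/height parameters, the sample dimensions and the 1 GiB cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed policy limit for this example: refuse buffers over 1 GiB. */
#define MAX_IMAGE_BYTES ((uint64_t)1 << 30)

/* Unchecked pattern: 32-bit size arithmetic with a trailing "+ 1".
 * When stride * height == UINT32_MAX, the addition wraps to 0. */
static uint32_t size_unchecked(uint32_t stride, uint32_t height)
{
    uint32_t payload = stride * height;   /* may itself wrap */
    return payload + 1u;                  /* UINT32_MAX + 1 == 0 */
}

/* Checked pattern: widen before multiplying, add in 64 bits, then bound.
 * Returns 0 and stores the size in *out, or -1 if the request is rejected. */
static int size_checked(uint32_t stride, uint32_t height, size_t *out)
{
    uint64_t total = (uint64_t)stride * height + 1u;  /* cannot wrap in 64 bits */
    if (total > MAX_IMAGE_BYTES)
        return -1;
    *out = (size_t)total;
    return 0;
}

/* Allocate a zeroed image buffer only when the size computation is sound. */
static uint8_t *image_alloc(uint32_t stride, uint32_t height, size_t *len)
{
    if (size_checked(stride, height, len) != 0)
        return NULL;
    return calloc(*len, 1);
}

int main(void)
{
    /* Constructed dimensions: 65535 * 65537 == 2^32 - 1 */
    uint32_t stride = 65535u, height = 65537u;
    size_t len = 0;
    printf("unchecked size: %u\n", (unsigned)size_unchecked(stride, height));
    uint8_t *buf = image_alloc(stride, height, &len);
    printf("checked alloc:  %s\n", buf ? "allocated" : "rejected");
    free(buf);
    return 0;
}
```

A zero-size malloc request may return a non-NULL pointer, so a NULL check on the allocation alone does not catch the wrapped size; the size has to be validated before the call.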
Comment 1 Andreas Stieger 2017-01-04 15:46:01 UTC
The reproducer on https://bugs.ghostscript.com/show_bug.cgi?id=697457 is private at this time.

There is no upstream patch at this time.

Pending update.
Comment 2 Swamp Workflow Management 2017-01-04 23:00:26 UTC
bugbot adjusting priority
Comment 5 Swamp Workflow Management 2017-04-28 22:09:08 UTC
SUSE-SU-2017:1138-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1018128,1030263,1032114,1032120,1036453
CVE References: CVE-2016-10220,CVE-2016-9601,CVE-2017-5951,CVE-2017-7207,CVE-2017-8291
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    ghostscript-9.15-20.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    ghostscript-9.15-20.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    ghostscript-9.15-20.1
SUSE Linux Enterprise Server 12-SP2 (src):    ghostscript-9.15-20.1
SUSE Linux Enterprise Server 12-SP1 (src):    ghostscript-9.15-20.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    ghostscript-9.15-20.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    ghostscript-9.15-20.1
Comment 6 Swamp Workflow Management 2017-05-08 16:15:50 UTC
openSUSE-SU-2017:1203-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1018128,1030263,1032114,1032120,1036453
CVE References: CVE-2016-10220,CVE-2016-9601,CVE-2017-5951,CVE-2017-7207,CVE-2017-8291
Sources used:
openSUSE Leap 42.2 (src):    ghostscript-9.15-11.3.1, ghostscript-mini-9.15-11.3.1
openSUSE Leap 42.1 (src):    ghostscript-9.15-17.1, ghostscript-mini-9.15-17.1
Comment 7 Marcus Meissner 2017-05-15 15:00:57 UTC
released
Comment 8 Swamp Workflow Management 2017-05-24 19:13:41 UTC
SUSE-SU-2017:1404-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1018128,1030263,1032114,1032120,1036453
CVE References: CVE-2016-10220,CVE-2016-9601,CVE-2017-5951,CVE-2017-7207,CVE-2017-8291
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    ghostscript-9.15-22.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    ghostscript-9.15-22.1
SUSE Linux Enterprise Server for SAP 12 (src):    ghostscript-9.15-22.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    ghostscript-9.15-22.1
SUSE Linux Enterprise Server 12-SP2 (src):    ghostscript-9.15-22.1
SUSE Linux Enterprise Server 12-SP1 (src):    ghostscript-9.15-22.1
SUSE Linux Enterprise Server 12-LTSS (src):    ghostscript-9.15-22.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    ghostscript-9.15-22.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    ghostscript-9.15-22.1
Comment 10 Swamp Workflow Management 2018-05-03 13:07:24 UTC
SUSE-SU-2018:1140-1: An update that solves 10 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1018128,1030263,1032138,1032230,1040643,1050879,1050887,1050888,1050889,1050891,1051184
CVE References: CVE-2016-10219,CVE-2016-9601,CVE-2017-11714,CVE-2017-7207,CVE-2017-9216,CVE-2017-9612,CVE-2017-9726,CVE-2017-9727,CVE-2017-9739,CVE-2017-9835
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    ghostscript-library-8.62-32.47.7.1
SUSE Linux Enterprise Server 11-SP4 (src):    ghostscript-library-8.62-32.47.7.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    ghostscript-library-8.62-32.47.7.1
Comment 12 Marcus Meissner 2020-01-27 15:39:59 UTC
fixed