CVE-2016-9601

Impact: Low
Public Date: 2016-12-28
CWE: CWE-190->CWE-122
Bugzilla: 1410021: CVE-2016-9601 ghostscript: Heap-buffer overflow due to Integer overflow in jbig2_image_new function

A heap-based buffer overflow was found in the ghostscript jbig2_decode_gray_scale_image() function, which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted JBIG2 image could trigger a segmentation fault in ghostscript.
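
The CWE-190 -> CWE-122 chain listed above, shown as an added example that is not ghostscript or jbig2dec source code: a hypothetical 1-bit-per-pixel bitmap allocator whose 32-bit size computation wraps, next to a checked version. The type, the function names, the `MAX_BITMAP_BYTES` cap and the sample dimensions are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy cap for this example; not a value from ghostscript. */
#define MAX_BITMAP_BYTES (64u * 1024u * 1024u)

/* Hypothetical 1-bit-per-pixel bitmap, not the decoder's own type. */
typedef struct {
    uint32_t width, height, stride;   /* stride = bytes per row */
    uint8_t *data;
} bitmap_t;

/* Bytes needed to hold one row of `width` 1-bit pixels. */
static uint32_t row_bytes(uint32_t width) {
    return width / 8 + (width % 8 != 0);
}

/* Unchecked: the 32-bit product wraps (CWE-190), so the buffer is far
 * smaller than height * stride and row writes overrun it (CWE-122). */
uint32_t size_unchecked(uint32_t width, uint32_t height) {
    return row_bytes(width) * height;
}

/* Checked: multiply in 64 bits, reject empty or oversized images.
 * Returns 0 and stores the byte count in *out, or -1 on rejection. */
int size_checked(uint32_t width, uint32_t height, size_t *out) {
    uint64_t need = (uint64_t)row_bytes(width) * height;
    if (need == 0 || need > MAX_BITMAP_BYTES) return -1;
    *out = (size_t)need;
    return 0;
}

/* Allocate a zeroed bitmap, or return NULL if the dimensions are rejected. */
bitmap_t *bitmap_new(uint32_t width, uint32_t height) {
    size_t need;
    bitmap_t *b;
    if (size_checked(width, height, &need) != 0) return NULL;
    if ((b = malloc(sizeof *b)) == NULL) return NULL;
    b->width = width; b->height = height; b->stride = row_bytes(width);
    if ((b->data = calloc(1, need)) == NULL) { free(b); return NULL; }
    return b;
}

int main(void) {   /* constructed dimensions: 16384-byte rows, 262145 rows */
    printf("unchecked size: %u bytes\n", (unsigned)size_unchecked(0x20000u, 0x40001u));
    printf("checked alloc:  %s\n", bitmap_new(0x20000u, 0x40001u) ? "ok" : "rejected");
    return 0;
}
```

With the constructed dimensions the unchecked computation yields a buffer of exactly one row for an image that declares 262145 rows, which is the mismatch a decoder then writes past.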

Find out more about CVE-2016-9601 from the MITRE CVE dictionary and NIST NVD.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score: 5.3
CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity Impact: None
Availability Impact: Low

Affected Packages State

| Platform | Package | State |
|---|---|---|
| Red Hat OpenShift Enterprise 2 | ghostscript | Will not fix |
| Red Hat Enterprise Linux 7 | ghostscript | Will not fix |
| Red Hat Enterprise Linux 6 | ghostscript | Not affected |
| Red Hat Enterprise Linux 5 | ghostscript | Not affected |

Acknowledgements

Red Hat would like to thank Bingchang Liu (IIE) for reporting this issue.

Last Modified