Source: jbig2dec
Version: 0.13-3
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for jbig2dec.

NOTE: Actually not much has been published yet. There is an upstream bug report at [1], so I am opening this bug in the Debian BTS to help track the issue. There is a report, but it is still restricted to the developers. From a look at the trace and the current code some issue might be present, but it is not really possible to say more yet without having access to the report ... hope you as maintainers can find out more from upstream. There is also no patch referenced yet.

CVE-2016-9601[0]:
Heap-buffer overflow due to Integer overflow in jbig2_image_new function

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-9601
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9601
[1] https://bugs.ghostscript.com/show_bug.cgi?id=697457

Please adjust the affected versions in the BTS as needed, once more is known.

Regards,
Salvatore
