Control: tags -1 + fixed-upstream

On Thu, Apr 20, 2017 at 08:15:29AM +0200, Salvatore Bonaccorso wrote:
> Source: jbig2dec
> Version: 0.13-4
> Severity: important
> Tags: upstream security
> Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697693
> Control: found -1 0.13-4~deb8u1
>
> Hi,
>
> the following vulnerability was published for jbig2dec.
>
> CVE-2017-7975[0]:
> | Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds
> | writes because of an integer overflow in the jbig2_build_huffman_table
> | function in jbig2_huffman.c during operations on a crafted JBIG2 file,
> | leading to a denial of service (application crash) or possibly
> | execution of arbitrary code.

Fixed in http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5e57e483298dae8b

Regards,
Salvatore
