In debugging bug 689841, I noticed the data_length field in the segment header was getting sign extended on x86_64. This is because jbig2_get_int32 is returning a signed integer even though the field is a uint32_t in the format. So we've been mishandling any segment length over 2^31, it just hasn't come up before. The code should be reviewed and either change jbig2_get_int32 to jbig2_get_uint32 or add a second call, depending on how many signed fields we need to read.
Fixed in http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7d77dabf5a1e24118455a5c0417ae75c5d5dcf60