Bug 707308 (CVE-2023-46361)

Summary: SUMMARY: AddressSanitizer: SEGV /test2/jbig2dec/jbig2.c:98 in jbig2_error (CVE-2023-46361)
Product: jbig2dec Reporter: Salvatore Bonaccorso <carnil>
Component: ParsingAssignee: Sebastian Rasmussen <sebastian.rasmussen>
Status: RESOLVED DUPLICATE    
Severity: normal    
Priority: P2    
Version: master   
Hardware: PC   
OS: Linux   
URL: https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/jbig2dec-SEGV/jbig2dec-SEGV.md
Customer: Word Size: ---

Description Salvatore Bonaccorso 2023-11-04 15:51:27 UTC 
Hi

It looks that someone found a segfault in jbig2dec and got a CVE assigned. It does not look that this was reported to upstream at all.

The report is at https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/jbig2dec-SEGV/jbig2dec-SEGV.md

Cf. https://www.cve.org/CVERecord?id=CVE-2023-46361

I think there is no need to make the report private, but wanted to make you
aware in case it was not reported to you yet.
Comment 1 Salvatore Bonaccorso 2023-11-04 16:26:17 UTC 
The issue might be potentially the same as https://bugs.ghostscript.com/show_bug.cgi?id=705041
Comment 2 Sebastian Rasmussen 2023-11-05 11:20:46 UTC 
Thanks for notifying me that there is a CVE attached to this. And you are quite right, it is indeed the same bug.

*** This bug has been marked as a duplicate of bug 705041 ***