707308 – (CVE-2023-46361) SUMMARY: AddressSanitizer: SEGV /test2/jbig2dec/jbig2.c:98 in jbig2_error (CVE-2023-46361)

Bug 707308 (CVE-2023-46361) - SUMMARY: AddressSanitizer: SEGV /test2/jbig2dec/jbig2.c:98 in jbig2_error (CVE-2023-46361)

Summary: SUMMARY: AddressSanitizer: SEGV /test2/jbig2dec/jbig2.c:98 in jbig2_error (CV...

Status:	RESOLVED DUPLICATE of bug 705041

Alias:	CVE-2023-46361

Product:	jbig2dec
Classification:	Unclassified
Component:	Parsing (show other bugs)
Version:	master
Hardware:	PC Linux

Importance:	P2 normal
Assignee:	Sebastian Rasmussen

URL:	https://github.com/Frank-Z7/z-vulnera...
Keywords:

Depends on:
Blocks:

Reported:	2023-11-04 15:51 UTC by Salvatore Bonaccorso
Modified:	2023-11-05 11:20 UTC (History)
CC List:	0 users

See Also:
Customer:
Word Size:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Salvatore Bonaccorso 2023-11-04 15:51:27 UTC

Hi

It looks that someone found a segfault in jbig2dec and got a CVE assigned. It does not look that this was reported to upstream at all.

The report is at https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/jbig2dec-SEGV/jbig2dec-SEGV.md

Cf. https://www.cve.org/CVERecord?id=CVE-2023-46361

I think there is no need to make the report private, but wanted to make you
aware in case it was not reported to you yet.

Comment 1 Salvatore Bonaccorso 2023-11-04 16:26:17 UTC

The issue might be potentially the same as https://bugs.ghostscript.com/show_bug.cgi?id=705041

Comment 2 Sebastian Rasmussen 2023-11-05 11:20:46 UTC

Thanks for notifying me that there is a CVE attached to this. And you are quite right, it is indeed the same bug.

*** This bug has been marked as a duplicate of bug 705041 ***