Published: 26/01/2015 Updated: 30/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and previous versions allows remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.

Vulnerable Product	Search on Vulmon	Subscribe to Product
opensuse opensuse 13.1
opensuse opensuse 13.2
debian debian linux 7.0
redhat enterprise linux 6.0
redhat enterprise linux 7.0
jasper project jasper

Synopsis Important: jasper security update Type/Severity Security Advisory: Important Topic Updated jasper packages that fix two security issues are now available forRed Hat Enterprise Linux 6 and 7Red Hat Product Security has rated this update as having Important securityimpact Common Vulnerability Scori ...

Debian Bug report logs - #775970 jasper: CVE-2014-8157 CVE-2014-8158 Package: src:jasper; Maintainer for src:jasper is Roland Stigge <stigge@antcomde>; Reported by: "Karl O Pinc" <kop@memecom> Date: Thu, 22 Jan 2015 03:21:02 UTC Severity: grave Tags: patch, security, upstream Found in version jasper/19001-7 Fix ...

Ghostscript could be made to crash or run programs as your login if it opened a specially crafted file ...

JasPer could be made to crash or run programs as your login if it opened a specially crafted file ...

An off-by-one flaw, leading to a heap-based buffer overflow, was found in the way JasPer decoded JPEG 2000 image files A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code (CVE-2014-8157) An unrestricted stack memory use flaw was found in the way JasPer decoded JPEG 2000 image files A spe ...

An off-by-one flaw, leading to a heap-based buffer overflow, was found in the way JasPer decoded JPEG 2000 image files A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code ...

CWE-189 http://rhn.redhat.com/errata/RHSA-2015-0074.html http://www.ocert.org/advisories/ocert-2015-001.html https://bugzilla.redhat.com/show_bug.cgi?id=1179282 http://secunia.com/advisories/62765 http://secunia.com/advisories/62619 http://secunia.com/advisories/62615 http://secunia.com/advisories/62583 http://lists.opensuse.org/opensuse-updates/2015-02/msg00014.html http://www.debian.org/security/2015/dsa-3138 http://www.ubuntu.com/usn/USN-2483-1 http://www.ubuntu.com/usn/USN-2483-2 http://rhn.redhat.com/errata/RHSA-2015-0698.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:034 http://advisories.mageia.org/MGASA-2015-0038.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:159 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606 http://www.securityfocus.com/bid/72296 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html https://access.redhat.com/errata/RHSA-2015:0074 https://nvd.nist.gov https://usn.ubuntu.com/2483-2/https://access.redhat.com/security/cve/cve-2014-8157

CVE-2014-8157

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect