Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2014-8158

Published: 26/01/2015 Updated: 30/10/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Jasper Project

Vulnerability Summary

Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and previous versions allow remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

jasper project jasper

debian debian linux 7.0

redhat enterprise linux 7.0

redhat enterprise linux 6.0

opensuse opensuse 13.1

opensuse opensuse 13.2

Vendor Advisories

Red Hat: Important: jasper security update
Synopsis Important: jasper security update Type/Severity Security Advisory: Important Topic Updated jasper packages that fix two security issues are now available forRed Hat Enterprise Linux 6 and 7Red Hat Product Security has rated this update as having Important securityimpact Common Vulnerability Scori ...
Debian CVElist Bug Report Logs: jasper: CVE-2014-8157 CVE-2014-8158
Debian Bug report logs - #775970 jasper: CVE-2014-8157 CVE-2014-8158 Package: src:jasper; Maintainer for src:jasper is Roland Stigge <stigge@antcomde>; Reported by: "Karl O Pinc" <kop@memecom> Date: Thu, 22 Jan 2015 03:21:02 UTC Severity: grave Tags: patch, security, upstream Found in version jasper/19001-7 Fix ...
Ubuntu Security Notice: ghostscript vulnerabilities
Ghostscript could be made to crash or run programs as your login if it opened a specially crafted file ...
Ubuntu Security Notice: jasper vulnerabilities
JasPer could be made to crash or run programs as your login if it opened a specially crafted file ...
Amazon Linux AMI: ALAS-2015-479
An off-by-one flaw, leading to a heap-based buffer overflow, was found in the way JasPer decoded JPEG 2000 image files A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code (CVE-2014-8157) An unrestricted stack memory use flaw was found in the way JasPer decoded JPEG 2000 image files A spe ...
Red Hat: CVE-2014-8158
An unrestricted stack memory use flaw was found in the way JasPer decoded JPEG 2000 image files A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code ...
Arch Linux Issues:
An unrestricted stack memory use flaw was found in the way JasPer decoded JPEG 2000 image files A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code ...

References

CWE-119http://rhn.redhat.com/errata/RHSA-2015-0074.htmlhttp://www.ocert.org/advisories/ocert-2015-001.htmlhttp://secunia.com/advisories/62765http://secunia.com/advisories/62619http://secunia.com/advisories/62615http://secunia.com/advisories/62583http://lists.opensuse.org/opensuse-updates/2015-02/msg00014.htmlhttp://www.debian.org/security/2015/dsa-3138http://www.ubuntu.com/usn/USN-2483-1http://www.ubuntu.com/usn/USN-2483-2http://rhn.redhat.com/errata/RHSA-2015-0698.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2015:034http://advisories.mageia.org/MGASA-2015-0038.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2015:159http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606http://www.securityfocus.com/bid/72293https://access.redhat.com/errata/RHSA-2015:0074https://nvd.nist.govhttps://usn.ubuntu.com/2483-2/https://access.redhat.com/security/cve/cve-2014-8158
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypassCVE-2024-30051remoteCVE-2024-27954CVE-2023-51483CVE-2023-47782SSRFCVE-2024-24715CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook