Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2014-8138
Last Modified 17 Apr 2015 09:59:21
Published 24 Dec 2014 01:59:02
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-8138

Summary

Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file.

Vulnerable Systems

Operating System

  • Red Hat Enterprise Linux 6.0

  • Red Hat Enterprise Linux 7.0

Application

  • JasPer Project JasPer 1.900.1


References

MISC - https://www.ocert.org/advisories/ocert-2014-012.html

SECUNIA - 61747

REDHAT - RHSA-2014:2021

MISC - http://packetstormsecurity.com/files/129660/JasPer-1.900.1-Double-Free-Heap-Overflow.html

SECUNIA - 62311

SECUNIA - 62619

SECUNIA - 62615

UBUNTU - USN-2483-2

UBUNTU - USN-2483-1

DEBIAN - DSA-3106

REDHAT - RHSA-2015:0698

MANDRIVA - MDVSA-2015:012

CONFIRM - http://advisories.mageia.org/MGASA-2014-0539.html

MANDRIVA - MDVSA-2015:159

SUSE - openSUSE-SU-2015:0042

SUSE - openSUSE-SU-2015:0039

SUSE - openSUSE-SU-2015:0038


Last Updated: 27 May 2016 11:08:32