Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2014-8157
Last Modified 02 Apr 2015 09:59:29
Published 26 Jan 2015 10:59:04
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-8157

Summary

Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.

Vulnerable Systems

Operating System

  • Debian Linux 7.0

  • Novell Opensuse 13.1

  • Novell Opensuse 13.2

  • Redhat Enterprise Linux 6.0

  • Redhat Enterprise Linux 7.0

Application

  • Jasper Project Jasper 1.900.1


References

MISC - http://www.ocert.org/advisories/ocert-2015-001.html

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1179282

REDHAT - RHSA-2015:0074

SECUNIA - 62765

SECUNIA - 62619

SECUNIA - 62615

SECUNIA - 62583

DEBIAN - DSA-3138

SUSE - openSUSE-SU-2015:0200

UBUNTU - USN-2483-2

UBUNTU - USN-2483-1

REDHAT - RHSA-2015:0698

MANDRIVA - MDVSA-2015:034

CONFIRM - http://advisories.mageia.org/MGASA-2015-0038.html

MANDRIVA - MDVSA-2015:159


Last Updated: 27 May 2016 11:08:15