CVE-2014-8137

Published: 24 December 2014

Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.

Priority

Status

Package	Release	Status
ghostscript Launchpad, Ubuntu, Debian	lucid	Released (8.71.dfsg.1-0ubuntu5.7)
	precise	Not vulnerable (uses system jasper)
	trusty	Does not exist (trusty was not-affected [uses system jasper])
	upstream	Needs triage
	utopic	Not vulnerable (uses system jasper)
jasper Launchpad, Ubuntu, Debian	lucid	Ignored (reached end-of-life)
	precise	Released (1.900.1-13ubuntu0.2)
	trusty	Does not exist (trusty was released [1.900.1-14ubuntu3.2])
	upstream	Released (1.900.1-debian1-2.3)
	utopic	Released (1.900.1-debian1-2ubuntu0.2)
netpbm-free Launchpad, Ubuntu, Debian	lucid	Not vulnerable (code not present)
	precise	Not vulnerable (code not present)
	trusty	Does not exist (trusty was not-affected [code not present])
	upstream	Needs triage
	utopic	Not vulnerable (code not present)

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›