CVE-2014-8137
Published: 24 December 2014
Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.
Priority
Status
Package | Release | Status |
---|---|---|
ghostscript Launchpad, Ubuntu, Debian |
lucid |
Released
(8.71.dfsg.1-0ubuntu5.7)
|
precise |
Not vulnerable
(uses system jasper)
|
|
trusty |
Does not exist
(trusty was not-affected [uses system jasper])
|
|
upstream |
Needs triage
|
|
utopic |
Not vulnerable
(uses system jasper)
|
|
jasper Launchpad, Ubuntu, Debian |
lucid |
Ignored
(reached end-of-life)
|
precise |
Released
(1.900.1-13ubuntu0.2)
|
|
trusty |
Does not exist
(trusty was released [1.900.1-14ubuntu3.2])
|
|
upstream |
Released
(1.900.1-debian1-2.3)
|
|
utopic |
Released
(1.900.1-debian1-2ubuntu0.2)
|
|
netpbm-free Launchpad, Ubuntu, Debian |
lucid |
Not vulnerable
(code not present)
|
precise |
Not vulnerable
(code not present)
|
|
trusty |
Does not exist
(trusty was not-affected [code not present])
|
|
upstream |
Needs triage
|
|
utopic |
Not vulnerable
(code not present)
|