CVE-2014-8137

Published: 24 December 2014

Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.

Priority

Low

Status

Package Release Status
ghostscript
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [uses system jasper])
jasper
Launchpad, Ubuntu, Debian
Upstream
Released (1.900.1-debian1-2.3)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1.900.1-14ubuntu3.2])
netpbm-free
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not present])