CVE-2014-8138

Published: 24 December 2014

Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file.

Priority

Medium

Status

Package Release Status
ghostscript
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [uses system jasper])
jasper
Launchpad, Ubuntu, Debian
Upstream
Released (1.900.1-debian1-2.3)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1.900.1-14ubuntu3.2])
netpbm-free
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not present])