CVE-2014-8157
Published: 22 January 2015
Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
ghostscript Launchpad, Ubuntu, Debian |
lucid |
Released
(8.71.dfsg.1-0ubuntu5.7)
|
| precise |
Not vulnerable
(uses system jasper)
|
|
| trusty |
Does not exist
(trusty was not-affected [uses system jasper])
|
|
| upstream |
Needs triage
|
|
| utopic |
Not vulnerable
(uses system jasper)
|
|
|
jasper Launchpad, Ubuntu, Debian |
lucid |
Ignored
(reached end-of-life)
|
| precise |
Released
(1.900.1-13ubuntu0.2)
|
|
| trusty |
Does not exist
(trusty was released [1.900.1-14ubuntu3.2])
|
|
| upstream |
Needs triage
|
|
| utopic |
Released
(1.900.1-debian1-2ubuntu0.2)
|
|
|
Patches: vendor: http://pkgs.fedoraproject.org/cgit/jasper.git/tree/jasper-CVE-2014-8157.patch |
||
|
netpbm-free Launchpad, Ubuntu, Debian |
lucid |
Not vulnerable
(code not present)
|
| precise |
Not vulnerable
(code not present)
|
|
| trusty |
Does not exist
(trusty was not-affected [code not present])
|
|
| upstream |
Needs triage
|
|
| utopic |
Not vulnerable
(code not present)
|
|