Your submission was sent successfully! Close

CVE-2014-8157

Published: 22 January 2015

Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.

Priority

Medium

Status

Package Release Status
ghostscript
Launchpad, Ubuntu, Debian
lucid
Released (8.71.dfsg.1-0ubuntu5.7)
precise Not vulnerable
(uses system jasper)
trusty Does not exist
(trusty was not-affected [uses system jasper])
upstream Needs triage

utopic Not vulnerable
(uses system jasper)
jasper
Launchpad, Ubuntu, Debian
lucid Ignored
(reached end-of-life)
precise
Released (1.900.1-13ubuntu0.2)
trusty Does not exist
(trusty was released [1.900.1-14ubuntu3.2])
upstream Needs triage

utopic
Released (1.900.1-debian1-2ubuntu0.2)
netpbm-free
Launchpad, Ubuntu, Debian
lucid Not vulnerable
(code not present)
precise Not vulnerable
(code not present)
trusty Does not exist
(trusty was not-affected [code not present])
upstream Needs triage

utopic Not vulnerable
(code not present)