CVE-2014-8158

Published: 22 January 2015

Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.

Priority

Medium

Status

Package Release Status
ghostscript
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [uses system jasper])
jasper
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1.900.1-14ubuntu3.2])
Patches:
Vendor: http://pkgs.fedoraproject.org/cgit/jasper.git/tree/jasper-CVE-2014-8158.patch
netpbm-free
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not present])