CVE-2014-8158

Published: 22 January 2015

Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.

Priority

Status

Package	Release	Status
ghostscript Launchpad, Ubuntu, Debian	lucid	Released (8.71.dfsg.1-0ubuntu5.7)
	precise	Not vulnerable (uses system jasper)
	trusty	Does not exist (trusty was not-affected [uses system jasper])
	upstream	Needs triage
	utopic	Not vulnerable (uses system jasper)
jasper Launchpad, Ubuntu, Debian	lucid	Ignored (reached end-of-life)
	precise	Released (1.900.1-13ubuntu0.2)
	trusty	Does not exist (trusty was released [1.900.1-14ubuntu3.2])
	upstream	Needs triage
	utopic	Released (1.900.1-debian1-2ubuntu0.2)
	Patches: vendor: http://pkgs.fedoraproject.org/cgit/jasper.git/tree/jasper-CVE-2014-8158.patch
netpbm-free Launchpad, Ubuntu, Debian	lucid	Not vulnerable (code not present)
	precise	Not vulnerable (code not present)
	trusty	Does not exist (trusty was not-affected [code not present])
	upstream	Needs triage
	utopic	Not vulnerable (code not present)

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›