CVE-2015-8751

Published: 17 February 2020

Integer overflow in the jas_matrix_create function in JasPer allows context-dependent attackers to have unspecified impact via a crafted JPEG 2000 image, related to integer multiplication for memory allocation.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
ghostscript
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(uses system jasper)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [uses system jasper])
jasper
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected)
netpbm-free
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not present])

Notes

AuthorNote
mdeslaur
already fixed by 01-misc-fixes.patch in Ubuntu
probably a dupe of CVE-2008-3520

References

Bugs