Your submission was sent successfully! Close

CVE-2015-8751

Published: 17 February 2020

Integer overflow in the jas_matrix_create function in JasPer allows context-dependent attackers to have unspecified impact via a crafted JPEG 2000 image, related to integer multiplication for memory allocation.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
ghostscript
Launchpad, Ubuntu, Debian
precise Not vulnerable
(uses system jasper)
trusty Does not exist
(trusty was not-affected [uses system jasper])
upstream Needs triage

vivid Not vulnerable
(uses system jasper)
wily Not vulnerable
(uses system jasper)
jasper
Launchpad, Ubuntu, Debian
precise Not vulnerable

trusty Does not exist
(trusty was not-affected)
upstream Needs triage

vivid Not vulnerable

wily Not vulnerable

netpbm-free
Launchpad, Ubuntu, Debian
precise Not vulnerable
(code not present)
trusty Does not exist
(trusty was not-affected [code not present])
upstream Needs triage

vivid Not vulnerable
(code not present)
wily Not vulnerable
(code not present)

Notes

AuthorNote
mdeslaur
already fixed by 01-misc-fixes.patch in Ubuntu
probably a dupe of CVE-2008-3520

References

Bugs