ID CVE-2014-8137
Summary Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file. CWE-415: Double Free (http://cwe.mitre.org/data/definitions/415.html)
References
Vulnerable Configurations
  • cpe:2.3:a:jasper_project:jasper:1.900.1:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 05-01-2018 - 02:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  Vector NETWORK
  Complexity MEDIUM
  Authentication NONE
Impact
  Confidentiality PARTIAL
  Integrity PARTIAL
  Availability PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2014:2021
  • rhsa
    id RHSA-2015:0698
  • rhsa
    id RHSA-2015:1713
rpms
  • jasper-0:1.900.1-26.el7_0.2
  • jasper-devel-0:1.900.1-26.el7_0.2
  • jasper-libs-0:1.900.1-26.el7_0.2
  • jasper-utils-0:1.900.1-26.el7_0.2
  • jasper-0:1.900.1-16.el6_6.2
  • jasper-devel-0:1.900.1-16.el6_6.2
  • jasper-libs-0:1.900.1-16.el6_6.2
  • jasper-utils-0:1.900.1-16.el6_6.2
refmap via4
bid 71742
confirm http://advisories.mageia.org/MGASA-2014-0539.html
debian DSA-3106
mandriva
  • MDVSA-2015:012
  • MDVSA-2015:159
misc
sectrack 1033459
secunia
  • 61747
  • 62311
  • 62615
  • 62619
slackware SSA:2015-302-02
suse
  • openSUSE-SU-2015:0038
  • openSUSE-SU-2015:0039
  • openSUSE-SU-2015:0042
ubuntu
  • USN-2483-1
  • USN-2483-2
Last major update 05-01-2018 - 02:29
Published 24-12-2014 - 18:59