1. CVE-Search
  2. CVE-2014-8157
ID CVE-2014-8157
Summary Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:jasper_project:jasper:-:*:*:*:*:*:*:*
    cpe:2.3:a:jasper_project:jasper:-:*:*:*:*:*:*:*
  • cpe:2.3:a:jasper_project:jasper:1.900.1:*:*:*:*:*:*:*
    cpe:2.3:a:jasper_project:jasper:1.900.1:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 30-10-2018 - 16:27)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2015:0074
  • rhsa
    id RHSA-2015:0698
rpms
  • jasper-0:1.900.1-16.el6_6.3
  • jasper-0:1.900.1-26.el7_0.3
  • jasper-debuginfo-0:1.900.1-16.el6_6.3
  • jasper-debuginfo-0:1.900.1-26.el7_0.3
  • jasper-devel-0:1.900.1-16.el6_6.3
  • jasper-devel-0:1.900.1-26.el7_0.3
  • jasper-libs-0:1.900.1-16.el6_6.3
  • jasper-libs-0:1.900.1-26.el7_0.3
  • jasper-utils-0:1.900.1-16.el6_6.3
  • jasper-utils-0:1.900.1-26.el7_0.3
  • rhevm-spice-client-x64-cab-0:3.5-3.el6
  • rhevm-spice-client-x64-msi-0:3.5-3.el6
  • rhevm-spice-client-x86-cab-0:3.5-3.el6
  • rhevm-spice-client-x86-msi-0:3.5-3.el6
refmap via4
bid 72296
confirm
debian DSA-3138
mandriva
  • MDVSA-2015:034
  • MDVSA-2015:159
misc http://www.ocert.org/advisories/ocert-2015-001.html
secunia
  • 62583
  • 62615
  • 62619
  • 62765
slackware SSA:2015-302-02
suse openSUSE-SU-2015:0200
ubuntu
  • USN-2483-1
  • USN-2483-2
Last major update 30-10-2018 - 16:27
Published 26-01-2015 - 15:59
Last modified 30-10-2018 - 16:27
Back to Top