CVE-2014-8137

Published: Dec 24, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

MDVSA-2015:012

vendor-advisory

x_refsource_MANDRIVA

DSA-3106

vendor-advisory

x_refsource_DEBIAN

62619

third-party-advisory

x_refsource_SECUNIA

openSUSE-SU-2015:0038

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2015:0042

vendor-advisory

x_refsource_SUSE

61747

third-party-advisory

x_refsource_SECUNIA

http://packetstormsecurity.com/files/129660/JasPer-1.900.1-Double-Free-Heap-Overflow.html

x_refsource_MISC

USN-2483-2

vendor-advisory

x_refsource_UBUNTU

USN-2483-1

vendor-advisory

x_refsource_UBUNTU

https://www.ocert.org/advisories/ocert-2014-012.html

x_refsource_MISC

62615

third-party-advisory

x_refsource_SECUNIA

1033459

vdb-entry

x_refsource_SECTRACK

RHSA-2015:0698

vendor-advisory

x_refsource_REDHAT

openSUSE-SU-2015:0039

vendor-advisory

x_refsource_SUSE

62311

third-party-advisory

x_refsource_SECUNIA

RHSA-2014:2021

vendor-advisory

x_refsource_REDHAT

71742

vdb-entry

x_refsource_BID

http://advisories.mageia.org/MGASA-2014-0539.html

x_refsource_CONFIRM

SSA:2015-302-02

vendor-advisory

x_refsource_SLACKWARE

MDVSA-2015:159

vendor-advisory

x_refsource_MANDRIVA

RHSA-2015:1713

vendor-advisory

x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2014-8137

Description

Affected Products

References