Vulnerability Details : CVE-2014-8138
Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file.
Vulnerability category: Overflow; Execute code; Denial of service
Products affected by CVE-2014-8138
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:jasper_project:jasper:1.900.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-8138
EPSS score: 5.90% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~90% (proportion of vulnerabilities scored at or below this one)
CVSS scores for CVE-2014-8138
Base Score | Base Severity | CVSS v2 Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2014-8138
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. (Assigned by: nvd@nist.gov, Primary)
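Illustration of the weakness class (added here as an example; it is not JasPer code and does not claim to reproduce the CVE-2014-8138 code path, which this page does not detail): a constructed mini "channel definition" box whose entries name a component index. The vulnerable decoder uses that index straight from the file to write into a heap array sized by the component count; the hardened decoder rejects any index at or beyond that count. The box layout, the function names and the sample inputs are all assumptions made for this example, not the real JP2 syntax.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a channel-definition box (hypothetical layout, NOT the
 * real JP2 'cdef' box):
 *   byte 0   : ncmpts - number of image components; one heap slot is allocated
 *              per component
 *   byte 1   : nchans - number of channel-definition entries that follow
 *   byte 2.. : nchans entries of { channo, type }, one byte each            */

typedef struct {
    uint8_t *cmpt_type;   /* heap array of exactly ncmpts bytes */
    size_t   ncmpts;
} image_t;

static image_t *image_create(size_t ncmpts)
{
    image_t *img = calloc(1, sizeof *img);
    if (img == NULL)
        return NULL;
    img->cmpt_type = calloc(ncmpts > 0 ? ncmpts : 1, 1);
    if (img->cmpt_type == NULL) {
        free(img);
        return NULL;
    }
    img->ncmpts = ncmpts;
    return img;
}

static void image_destroy(image_t *img)
{
    if (img != NULL) {
        free(img->cmpt_type);
        free(img);
    }
}

/* Vulnerable decoder: the box length is checked, but channo is trusted as an
 * index into cmpt_type[], which only has ncmpts slots (the CWE-119 defect). */
static image_t *decode_vulnerable(const uint8_t *buf, size_t len)
{
    if (len < 2 || len < 2 + 2 * (size_t)buf[1])
        return NULL;
    image_t *img = image_create(buf[0]);
    if (img == NULL)
        return NULL;
    for (size_t i = 0; i < buf[1]; i++) {
        uint8_t channo = buf[2 + 2 * i];
        uint8_t type   = buf[3 + 2 * i];
        img->cmpt_type[channo] = type;   /* heap write at a file-chosen offset */
    }
    return img;
}

/* Hardened decoder: identical, except every channo is validated against the
 * real size of the heap buffer before it is used as an index. */
static image_t *decode_hardened(const uint8_t *buf, size_t len)
{
    if (len < 2 || len < 2 + 2 * (size_t)buf[1])
        return NULL;
    image_t *img = image_create(buf[0]);
    if (img == NULL)
        return NULL;
    for (size_t i = 0; i < buf[1]; i++) {
        uint8_t channo = buf[2 + 2 * i];
        uint8_t type   = buf[3 + 2 * i];
        if (channo >= img->ncmpts) {     /* reject out-of-range channel numbers */
            image_destroy(img);
            return NULL;
        }
        img->cmpt_type[channo] = type;
    }
    return img;
}

/* Run a decoder and return cmpt_type[idx], or -1 if the input was rejected or
 * idx is out of range. */
static int component_type(image_t *(*dec)(const uint8_t *, size_t),
                          const uint8_t *buf, size_t len, size_t idx)
{
    image_t *img = dec(buf, len);
    if (img == NULL)
        return -1;
    int r = idx < img->ncmpts ? img->cmpt_type[idx] : -1;
    image_destroy(img);
    return r;
}

/* Constructed sample inputs. */
static const uint8_t SAMPLE_OK[]  = { 3, 3, 0, 1, 1, 2, 2, 3 }; /* 3 components, channels 0..2 */
static const uint8_t SAMPLE_BAD[] = { 1, 1, 200, 0x41 };         /* 1 component, channo 200 */
#define SAMPLE_OK_LEN  (sizeof SAMPLE_OK)
#define SAMPLE_BAD_LEN (sizeof SAMPLE_BAD)

int main(int argc, char **argv)
{
    printf("hardened, valid file:   cmpt_type[2] = %d\n",
           component_type(decode_hardened, SAMPLE_OK, SAMPLE_OK_LEN, 2));
    printf("hardened, crafted file: %s\n",
           component_type(decode_hardened, SAMPLE_BAD, SAMPLE_BAD_LEN, 0) == -1
               ? "rejected" : "accepted");
    /* On SAMPLE_BAD the vulnerable decoder writes 199 bytes past a 1-byte heap
     * allocation; only run it on request, ideally under -fsanitize=address. */
    if (argc > 1 && strcmp(argv[1], "--trigger") == 0)
        image_destroy(decode_vulnerable(SAMPLE_BAD, SAMPLE_BAD_LEN));
    return 0;
}
```

Build with `cc -fsanitize=address` and run with `--trigger` to see the vulnerable path reported as a heap-buffer-overflow; without the flag the program only exercises the inputs that are safe for both decoders.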
References for CVE-2014-8138
- http://www.debian.org/security/2014/dsa-3106 (Debian -- Security Information -- DSA-3106-1 jasper)
- http://packetstormsecurity.com/files/129660/JasPer-1.900.1-Double-Free-Heap-Overflow.html (JasPer 1.900.1 Double-Free / Heap Overflow, Packet Storm)
- http://www.ubuntu.com/usn/USN-2483-2 (USN-2483-2: Ghostscript vulnerabilities, Ubuntu security notices)
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:012 (mandriva.com)
- http://secunia.com/advisories/62619 (Secunia advisory)
- http://lists.opensuse.org/opensuse-updates/2015-01/msg00017.html (openSUSE-SU-2015:0042-1: moderate: Security update for jasper)
- http://secunia.com/advisories/62311 (Secunia advisory)
- http://secunia.com/advisories/61747 (Secunia advisory)
- http://lists.opensuse.org/opensuse-updates/2015-01/msg00013.html (openSUSE-SU-2015:0038-1: moderate: Security update for jasper)
- http://www.securityfocus.com/bid/71746 (JasPer CVE-2014-8138 Remote Heap Buffer Overflow Vulnerability)
- http://www.ubuntu.com/usn/USN-2483-1 (USN-2483-1: JasPer vulnerabilities, Ubuntu security notices)
- https://www.ocert.org/advisories/ocert-2014-012.html (oCERT archive; Third Party Advisory; US Government Resource)
- http://rhn.redhat.com/errata/RHSA-2014-2021.html (RHSA-2014:2021 - Security Advisory - Red Hat Customer Portal)
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:159 (mandriva.com)
- http://secunia.com/advisories/62615 (Secunia advisory)
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606 (The Slackware Linux Project: Slackware Security Advisories)
- http://advisories.mageia.org/MGASA-2014-0539.html (Mageia Advisory: MGASA-2014-0539 - Updated jasper packages fix security vulnerabilities)
- http://rhn.redhat.com/errata/RHSA-2015-0698.html (RHSA-2015:0698 - Security Advisory - Red Hat Customer Portal)
- http://rhn.redhat.com/errata/RHSA-2015-1713.html (RHSA-2015:1713 - Security Advisory - Red Hat Customer Portal)
- http://lists.opensuse.org/opensuse-updates/2015-01/msg00014.html (openSUSE-SU-2015:0039-1: moderate: Security update for jasper)
- http://www.securitytracker.com/id/1033459 (Red Hat Enterprise Virtualization Hypervisor Bugs Let Remote Users Execute Arbitrary Code, Gain Elevated Privileges, and Deny Service - SecurityTracker)