Vulnerability Details : CVE-2014-8157
Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.
Vulnerability category: OverflowExecute codeDenial of service
Products affected by CVE-2014-8157
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-8157
5.90%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 90 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-8157
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2014-8157
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-8157
-
http://www.securityfocus.com/bid/72296
JasPer 'jpc_dec_process_sot()' Remote Heap Buffer Overflow Vulnerability
-
http://www.ubuntu.com/usn/USN-2483-2
USN-2483-2: Ghostscript vulnerabilities | Ubuntu security notices
-
https://bugzilla.redhat.com/show_bug.cgi?id=1179282
1179282 – (CVE-2014-8157) CVE-2014-8157 jasper: dec->numtiles off-by-one check in jpc_dec_process_sot() (oCERT-2015-001)
-
http://secunia.com/advisories/62619
Sign in
-
http://secunia.com/advisories/62583
Sign in
-
http://www.ubuntu.com/usn/USN-2483-1
USN-2483-1: JasPer vulnerabilities | Ubuntu security notices
-
http://www.mandriva.com/security/advisories?name=MDVSA-2015:159
mandriva.com
-
http://secunia.com/advisories/62615
Sign in
-
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606
The Slackware Linux Project: Slackware Security Advisories
-
http://rhn.redhat.com/errata/RHSA-2015-0074.html
RHSA-2015:0074 - Security Advisory - Red Hat Customer Portal
-
http://lists.opensuse.org/opensuse-updates/2015-02/msg00014.html
openSUSE-SU-2015:0200-1: moderate: Security update for jasper
-
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
CPU July 2018
-
http://www.debian.org/security/2015/dsa-3138
Debian -- Security Information -- DSA-3138-1 jasper
-
http://advisories.mageia.org/MGASA-2015-0038.html
Mageia Advisory: MGASA-2015-0038 - Updated jasper packages fix security vulnerabilities
-
http://www.mandriva.com/security/advisories?name=MDVSA-2015:034
mandriva.com
-
http://rhn.redhat.com/errata/RHSA-2015-0698.html
RHSA-2015:0698 - Security Advisory - Red Hat Customer Portal
-
http://secunia.com/advisories/62765
Sign in
-
http://www.ocert.org/advisories/ocert-2015-001.html
oCERT archiveThird Party Advisory;US Government Resource
Jump to