Vulnerability Details : CVE-2014-8137
Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.
Vulnerability category: Memory corruption; Execute code; Denial of service
Products affected by CVE-2014-8137
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-8137
- EPSS score: 15.61% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~95% (the proportion of vulnerabilities scored at or below this one)
- EPSS Score History: chart not reproduced here
CVSS scores for CVE-2014-8137
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | 
References for CVE-2014-8137
- Debian -- Security Information -- DSA-3106-1 jasper: http://www.debian.org/security/2014/dsa-3106
- JasPer 1.900.1 Double-Free / Heap Overflow (Packet Storm): http://packetstormsecurity.com/files/129660/JasPer-1.900.1-Double-Free-Heap-Overflow.html
- USN-2483-2: Ghostscript vulnerabilities (Ubuntu security notices): http://www.ubuntu.com/usn/USN-2483-2
- MDVSA-2015:012 (mandriva.com): http://www.mandriva.com/security/advisories?name=MDVSA-2015:012
- JasPer CVE-2014-8137 Double Free Remote Code Execution Vulnerability (SecurityFocus BID 71742): http://www.securityfocus.com/bid/71742
- openSUSE-SU-2015:0042-1: moderate: Security update for jasper: http://lists.opensuse.org/opensuse-updates/2015-01/msg00017.html
- openSUSE-SU-2015:0038-1: moderate: Security update for jasper: http://lists.opensuse.org/opensuse-updates/2015-01/msg00013.html
- USN-2483-1: JasPer vulnerabilities (Ubuntu security notices): http://www.ubuntu.com/usn/USN-2483-1
- oCERT archive, ocert-2014-012 (Third Party Advisory; US Government Resource): https://www.ocert.org/advisories/ocert-2014-012.html
- RHSA-2014:2021 - Security Advisory (Red Hat Customer Portal): http://rhn.redhat.com/errata/RHSA-2014-2021.html
- MDVSA-2015:159 (mandriva.com): http://www.mandriva.com/security/advisories?name=MDVSA-2015:159
- The Slackware Linux Project: Slackware Security Advisories: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606
- Mageia Advisory: MGASA-2014-0539 - Updated jasper packages fix security vulnerabilities: http://advisories.mageia.org/MGASA-2014-0539.html
- RHSA-2015:0698 - Security Advisory (Red Hat Customer Portal): http://rhn.redhat.com/errata/RHSA-2015-0698.html
- RHSA-2015:1713 - Security Advisory (Red Hat Customer Portal): http://rhn.redhat.com/errata/RHSA-2015-1713.html
- openSUSE-SU-2015:0039-1: moderate: Security update for jasper: http://lists.opensuse.org/opensuse-updates/2015-01/msg00014.html
- Red Hat Enterprise Virtualization Hypervisor Bugs Let Remote Users Execute Arbitrary Code, Gain Elevated Privileges, and Deny Service (SecurityTracker): http://www.securitytracker.com/id/1033459