CVE-2014-8137

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-8137
Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://advisories.mageia.org/MGASA-2014-0539.html
http://lists.opensuse.org/opensuse-updates/2015-01/msg00013.html
http://lists.opensuse.org/opensuse-updates/2015-01/msg00014.html
http://lists.opensuse.org/opensuse-updates/2015-01/msg00017.html
http://packetstormsecurity.com/files/129660/JasPer-1.900.1-Double-Free-Heap-Overflow.html
http://rhn.redhat.com/errata/RHSA-2014-2021.html
http://rhn.redhat.com/errata/RHSA-2015-0698.html
http://rhn.redhat.com/errata/RHSA-2015-1713.html
http://secunia.com/advisories/61747
http://secunia.com/advisories/62311
http://secunia.com/advisories/62615
http://secunia.com/advisories/62619
http://www.debian.org/security/2014/dsa-3106
http://www.mandriva.com/security/advisories?name=MDVSA-2015:012
http://www.mandriva.com/security/advisories?name=MDVSA-2015:159
http://www.securityfocus.com/bid/71742
http://www.securitytracker.com/id/1033459
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606
http://www.ubuntu.com/usn/USN-2483-1
http://www.ubuntu.com/usn/USN-2483-2
https://www.ocert.org/advisories/ocert-2014-012.html Third Party Advisory US Government Resource
http://advisories.mageia.org/MGASA-2014-0539.html
http://lists.opensuse.org/opensuse-updates/2015-01/msg00013.html
http://lists.opensuse.org/opensuse-updates/2015-01/msg00014.html
http://lists.opensuse.org/opensuse-updates/2015-01/msg00017.html
http://packetstormsecurity.com/files/129660/JasPer-1.900.1-Double-Free-Heap-Overflow.html
http://rhn.redhat.com/errata/RHSA-2014-2021.html
http://rhn.redhat.com/errata/RHSA-2015-0698.html
http://rhn.redhat.com/errata/RHSA-2015-1713.html
http://secunia.com/advisories/61747
http://secunia.com/advisories/62311
http://secunia.com/advisories/62615
http://secunia.com/advisories/62619
http://www.debian.org/security/2014/dsa-3106
http://www.mandriva.com/security/advisories?name=MDVSA-2015:012
http://www.mandriva.com/security/advisories?name=MDVSA-2015:159
http://www.securityfocus.com/bid/71742
http://www.securitytracker.com/id/1033459
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606
http://www.ubuntu.com/usn/USN-2483-1
http://www.ubuntu.com/usn/USN-2483-2
https://www.ocert.org/advisories/ocert-2014-012.html Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
History

21 Nov 2024, 02:18

Type Values Removed Values Added
References () http://advisories.mageia.org/MGASA-2014-0539.html - () http://advisories.mageia.org/MGASA-2014-0539.html -
References () http://lists.opensuse.org/opensuse-updates/2015-01/msg00013.html - () http://lists.opensuse.org/opensuse-updates/2015-01/msg00013.html -
References () http://lists.opensuse.org/opensuse-updates/2015-01/msg00014.html - () http://lists.opensuse.org/opensuse-updates/2015-01/msg00014.html -
References () http://lists.opensuse.org/opensuse-updates/2015-01/msg00017.html - () http://lists.opensuse.org/opensuse-updates/2015-01/msg00017.html -
References () http://packetstormsecurity.com/files/129660/JasPer-1.900.1-Double-Free-Heap-Overflow.html - () http://packetstormsecurity.com/files/129660/JasPer-1.900.1-Double-Free-Heap-Overflow.html -
References () http://rhn.redhat.com/errata/RHSA-2014-2021.html - () http://rhn.redhat.com/errata/RHSA-2014-2021.html -
References () http://rhn.redhat.com/errata/RHSA-2015-0698.html - () http://rhn.redhat.com/errata/RHSA-2015-0698.html -
References () http://rhn.redhat.com/errata/RHSA-2015-1713.html - () http://rhn.redhat.com/errata/RHSA-2015-1713.html -
References () http://secunia.com/advisories/61747 - () http://secunia.com/advisories/61747 -
References () http://secunia.com/advisories/62311 - () http://secunia.com/advisories/62311 -
References () http://secunia.com/advisories/62615 - () http://secunia.com/advisories/62615 -
References () http://secunia.com/advisories/62619 - () http://secunia.com/advisories/62619 -
References () http://www.debian.org/security/2014/dsa-3106 - () http://www.debian.org/security/2014/dsa-3106 -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2015:012 - () http://www.mandriva.com/security/advisories?name=MDVSA-2015:012 -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2015:159 - () http://www.mandriva.com/security/advisories?name=MDVSA-2015:159 -
References () http://www.securityfocus.com/bid/71742 - () http://www.securityfocus.com/bid/71742 -
References () http://www.securitytracker.com/id/1033459 - () http://www.securitytracker.com/id/1033459 -
References () http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606 - () http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606 -
References () http://www.ubuntu.com/usn/USN-2483-1 - () http://www.ubuntu.com/usn/USN-2483-1 -
References () http://www.ubuntu.com/usn/USN-2483-2 - () http://www.ubuntu.com/usn/USN-2483-2 -
References () https://www.ocert.org/advisories/ocert-2014-012.html - Third Party Advisory, US Government Resource () https://www.ocert.org/advisories/ocert-2014-012.html - Third Party Advisory, US Government Resource
Information

Published : 2014-12-24 18:59

Updated : 2025-04-12 10:46

NVD link : CVE-2014-8137

Mitre link : CVE-2014-8137

CVE.ORG link : CVE-2014-8137

JSON object : View

Products Affected

jasper_project

  • jasper

redhat

  • enterprise_linux
CWE
NVD-CWE-Other