CVE-2014-8137

MEDIUM

Description

Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.

References

http://advisories.mageia.org/MGASA-2014-0539.html

http://lists.opensuse.org/opensuse-updates/2015-01/msg00013.html

http://lists.opensuse.org/opensuse-updates/2015-01/msg00014.html

http://lists.opensuse.org/opensuse-updates/2015-01/msg00017.html

http://packetstormsecurity.com/files/129660/JasPer-1.900.1-Double-Free-Heap-Overflow.html

http://rhn.redhat.com/errata/RHSA-2014-2021.html

http://rhn.redhat.com/errata/RHSA-2015-0698.html

http://rhn.redhat.com/errata/RHSA-2015-1713.html

http://secunia.com/advisories/61747

http://secunia.com/advisories/62311

http://secunia.com/advisories/62615

http://secunia.com/advisories/62619

http://www.debian.org/security/2014/dsa-3106

http://www.mandriva.com/security/advisories?name=MDVSA-2015:012

http://www.mandriva.com/security/advisories?name=MDVSA-2015:159

http://www.securityfocus.com/bid/71742

http://www.securitytracker.com/id/1033459

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606

http://www.ubuntu.com/usn/USN-2483-1

http://www.ubuntu.com/usn/USN-2483-2

https://www.ocert.org/advisories/ocert-2014-012.html

Details

Source: MITRE

Published: 2014-12-24

Updated: 2018-01-05

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:* versions up to 1.900.1 (inclusive)

Configuration 2

OR

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Tenable Plugins

View all (31 total)

IDNameProductFamilySeverity
100116OracleVM 3.3 / 3.4 : jasper (OVMSA-2017-0102)NessusOracleVM Local Security Checks
high
94601openSUSE Security Update : jasper (openSUSE-2016-1270)NessusSuSE Local Security Checks
critical
94596openSUSE Security Update : jasper (openSUSE-2016-1263)NessusSuSE Local Security Checks
critical
88875FreeBSD : jasper -- multiple vulnerabilities (006e3b7c-d7d7-11e5-b85f-0018fe623f2b)NessusFreeBSD Local Security Checks
high
86663Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : jasper (SSA:2015-302-02)NessusSlackware Local Security Checks
critical
85999RHEL 6 : rhev-hypervisor (RHSA-2015:1713)NessusRed Hat Local Security Checks
high
82412Mandriva Linux Security Advisory : jasper (MDVSA-2015:159)NessusMandriva Local Security Checks
high
82104Debian DLA-121-1 : jasper security updateNessusDebian Local Security Checks
high
81969RHEL 6 : rhevm-spice-client (RHSA-2015:0698) (POODLE)NessusRed Hat Local Security Checks
critical
81686GLSA-201503-01 : JasPer: Multiple VulnerabilitiesNessusGentoo Local Security Checks
high
81311SuSE 11.3 Security Update : jasper (SAT Patch Number 10261)NessusSuSE Local Security Checks
high
81018Ubuntu 10.04 LTS : ghostscript vulnerabilities (USN-2483-2)NessusUbuntu Local Security Checks
high
81017Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : jasper vulnerabilities (USN-2483-1)NessusUbuntu Local Security Checks
high
81012OracleVM 3.3 : jasper (OVMSA-2015-0006)NessusOracleVM Local Security Checks
high
80542openSUSE Security Update : jasper (openSUSE-SU-2015:0039-1)NessusSuSE Local Security Checks
high
80540openSUSE Security Update : jasper (openSUSE-SU-2015:0038-1)NessusSuSE Local Security Checks
high
80539openSUSE Security Update : jasper (openSUSE-SU-2015:0042-1)NessusSuSE Local Security Checks
high
80431Mandriva Linux Security Advisory : jasper (MDVSA-2015:012)NessusMandriva Local Security Checks
high
80417Amazon Linux AMI : jasper (ALAS-2015-466)NessusAmazon Linux Local Security Checks
high
80367Fedora 19 : jasper-1.900.1-26.fc19 (2014-16465)NessusFedora Local Security Checks
high
80366Fedora 20 : jasper-1.900.1-27.fc20 (2014-16349)NessusFedora Local Security Checks
high
80365Fedora 21 : jasper-1.900.1-29.fc21 (2014-16292)NessusFedora Local Security Checks
high
80295Fedora 20 : mingw-jasper-1.900.1-25.fc20 (2014-17274)NessusFedora Local Security Checks
high
80294Fedora 19 : mingw-jasper-1.900.1-25.fc19 (2014-17270)NessusFedora Local Security Checks
high
80292Fedora 21 : mingw-jasper-1.900.1-25.fc21 (2014-17259)NessusFedora Local Security Checks
high
80280OracleVM 3.3 : jasper (OVMSA-2014-0087)NessusOracleVM Local Security Checks
high
80126Debian DSA-3106-1 : jasper - security updateNessusDebian Local Security Checks
high
80117Scientific Linux Security Update : jasper on SL6.x, SL7.x i386/x86_64 (20141218)NessusScientific Linux Local Security Checks
high
80115RHEL 6 / 7 : jasper (RHSA-2014:2021)NessusRed Hat Local Security Checks
high
80113Oracle Linux 6 / 7 : jasper (ELSA-2014-2021)NessusOracle Linux Local Security Checks
high
80107CentOS 6 / 7 : jasper (CESA-2014:2021)NessusCentOS Local Security Checks
high