CVE-2014-8137MEDIUM
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.
References
http://advisories.mageia.org/MGASA-2014-0539.html
http://lists.opensuse.org/opensuse-updates/2015-01/msg00013.html
http://lists.opensuse.org/opensuse-updates/2015-01/msg00014.html
http://lists.opensuse.org/opensuse-updates/2015-01/msg00017.html
http://packetstormsecurity.com/files/129660/JasPer-1.900.1-Double-Free-Heap-Overflow.html
http://rhn.redhat.com/errata/RHSA-2014-2021.html
http://rhn.redhat.com/errata/RHSA-2015-0698.html
http://rhn.redhat.com/errata/RHSA-2015-1713.html
http://secunia.com/advisories/61747
http://secunia.com/advisories/62311
http://secunia.com/advisories/62615
http://secunia.com/advisories/62619
http://www.debian.org/security/2014/dsa-3106
http://www.mandriva.com/security/advisories?name=MDVSA-2015:012
http://www.mandriva.com/security/advisories?name=MDVSA-2015:159
http://www.securityfocus.com/bid/71742
http://www.securitytracker.com/id/1033459
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606
http://www.ubuntu.com/usn/USN-2483-1
Details
Source: MITRE
Published: 2014-12-24
Updated: 2018-01-05
Type: NVD-CWE-Other
Risk Information
CVSS v2
Base Score: 6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 8.6
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:* versions up to 1.900.1 (inclusive)
Configuration 2
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 100116 | OracleVM 3.3 / 3.4 : jasper (OVMSA-2017-0102) | Nessus | OracleVM Local Security Checks | high |
| 94601 | openSUSE Security Update : jasper (openSUSE-2016-1270) | Nessus | SuSE Local Security Checks | high |
| 94596 | openSUSE Security Update : jasper (openSUSE-2016-1263) | Nessus | SuSE Local Security Checks | high |
| 88875 | FreeBSD : jasper -- multiple vulnerabilities (006e3b7c-d7d7-11e5-b85f-0018fe623f2b) | Nessus | FreeBSD Local Security Checks | medium |
| 86663 | Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : jasper (SSA:2015-302-02) | Nessus | Slackware Local Security Checks | critical |
| 85999 | RHEL 6 : rhev-hypervisor (RHSA-2015:1713) | Nessus | Red Hat Local Security Checks | high |
| 82412 | Mandriva Linux Security Advisory : jasper (MDVSA-2015:159) | Nessus | Mandriva Local Security Checks | high |
| 82104 | Debian DLA-121-1 : jasper security update | Nessus | Debian Local Security Checks | high |
| 81969 | RHEL 6 : rhevm-spice-client (RHSA-2015:0698) (POODLE) | Nessus | Red Hat Local Security Checks | low |
| 81686 | GLSA-201503-01 : JasPer: Multiple Vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 81311 | SuSE 11.3 Security Update : jasper (SAT Patch Number 10261) | Nessus | SuSE Local Security Checks | high |
| 81018 | Ubuntu 10.04 LTS : ghostscript vulnerabilities (USN-2483-2) | Nessus | Ubuntu Local Security Checks | high |
| 81017 | Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : jasper vulnerabilities (USN-2483-1) | Nessus | Ubuntu Local Security Checks | high |
| 81012 | OracleVM 3.3 : jasper (OVMSA-2015-0006) | Nessus | OracleVM Local Security Checks | high |
| 80542 | openSUSE Security Update : jasper (openSUSE-SU-2015:0039-1) | Nessus | SuSE Local Security Checks | high |
| 80540 | openSUSE Security Update : jasper (openSUSE-SU-2015:0038-1) | Nessus | SuSE Local Security Checks | high |
| 80539 | openSUSE Security Update : jasper (openSUSE-SU-2015:0042-1) | Nessus | SuSE Local Security Checks | high |
| 80431 | Mandriva Linux Security Advisory : jasper (MDVSA-2015:012) | Nessus | Mandriva Local Security Checks | high |
| 80417 | Amazon Linux AMI : jasper (ALAS-2015-466) | Nessus | Amazon Linux Local Security Checks | high |
| 80367 | Fedora 19 : jasper-1.900.1-26.fc19 (2014-16465) | Nessus | Fedora Local Security Checks | high |
| 80366 | Fedora 20 : jasper-1.900.1-27.fc20 (2014-16349) | Nessus | Fedora Local Security Checks | high |
| 80365 | Fedora 21 : jasper-1.900.1-29.fc21 (2014-16292) | Nessus | Fedora Local Security Checks | high |
| 80295 | Fedora 20 : mingw-jasper-1.900.1-25.fc20 (2014-17274) | Nessus | Fedora Local Security Checks | high |
| 80294 | Fedora 19 : mingw-jasper-1.900.1-25.fc19 (2014-17270) | Nessus | Fedora Local Security Checks | high |
| 80292 | Fedora 21 : mingw-jasper-1.900.1-25.fc21 (2014-17259) | Nessus | Fedora Local Security Checks | high |
| 80280 | OracleVM 3.3 : jasper (OVMSA-2014-0087) | Nessus | OracleVM Local Security Checks | high |
| 80126 | Debian DSA-3106-1 : jasper - security update | Nessus | Debian Local Security Checks | high |
| 80117 | Scientific Linux Security Update : jasper on SL6.x, SL7.x i386/x86_64 (20141218) | Nessus | Scientific Linux Local Security Checks | high |
| 80115 | RHEL 6 / 7 : jasper (RHSA-2014:2021) | Nessus | Red Hat Local Security Checks | high |
| 80113 | Oracle Linux 6 / 7 : jasper (ELSA-2014-2021) | Nessus | Oracle Linux Local Security Checks | high |
| 80107 | CentOS 6 / 7 : jasper (CESA-2014:2021) | Nessus | CentOS Local Security Checks | high |