Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.
http://advisories.mageia.org/MGASA-2014-0539.html
http://lists.opensuse.org/opensuse-updates/2015-01/msg00013.html
http://lists.opensuse.org/opensuse-updates/2015-01/msg00014.html
http://lists.opensuse.org/opensuse-updates/2015-01/msg00017.html
http://packetstormsecurity.com/files/129660/JasPer-1.900.1-Double-Free-Heap-Overflow.html
http://rhn.redhat.com/errata/RHSA-2014-2021.html
http://rhn.redhat.com/errata/RHSA-2015-0698.html
http://rhn.redhat.com/errata/RHSA-2015-1713.html
http://secunia.com/advisories/61747
http://secunia.com/advisories/62311
http://secunia.com/advisories/62615
http://secunia.com/advisories/62619
http://www.debian.org/security/2014/dsa-3106
http://www.mandriva.com/security/advisories?name=MDVSA-2015:012
http://www.mandriva.com/security/advisories?name=MDVSA-2015:159
http://www.securityfocus.com/bid/71742
http://www.securitytracker.com/id/1033459
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606
http://www.ubuntu.com/usn/USN-2483-1
Source: MITRE
Published: 2014-12-24
Updated: 2018-01-05
Type: NVD-CWE-Other
Base Score: 6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 8.6
Severity: MEDIUM
cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:* versions up to 1.900.1 (inclusive)
ID | Name | Product | Family | Severity |
---|---|---|---|---|
100116 | OracleVM 3.3 / 3.4 : jasper (OVMSA-2017-0102) | Nessus | OracleVM Local Security Checks | high |
94601 | openSUSE Security Update : jasper (openSUSE-2016-1270) | Nessus | SuSE Local Security Checks | critical |
94596 | openSUSE Security Update : jasper (openSUSE-2016-1263) | Nessus | SuSE Local Security Checks | critical |
88875 | FreeBSD : jasper -- multiple vulnerabilities (006e3b7c-d7d7-11e5-b85f-0018fe623f2b) | Nessus | FreeBSD Local Security Checks | high |
86663 | Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : jasper (SSA:2015-302-02) | Nessus | Slackware Local Security Checks | critical |
85999 | RHEL 6 : rhev-hypervisor (RHSA-2015:1713) | Nessus | Red Hat Local Security Checks | high |
82412 | Mandriva Linux Security Advisory : jasper (MDVSA-2015:159) | Nessus | Mandriva Local Security Checks | high |
82104 | Debian DLA-121-1 : jasper security update | Nessus | Debian Local Security Checks | high |
81969 | RHEL 6 : rhevm-spice-client (RHSA-2015:0698) (POODLE) | Nessus | Red Hat Local Security Checks | critical |
81686 | GLSA-201503-01 : JasPer: Multiple Vulnerabilities | Nessus | Gentoo Local Security Checks | high |
81311 | SuSE 11.3 Security Update : jasper (SAT Patch Number 10261) | Nessus | SuSE Local Security Checks | high |
81018 | Ubuntu 10.04 LTS : ghostscript vulnerabilities (USN-2483-2) | Nessus | Ubuntu Local Security Checks | high |
81017 | Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : jasper vulnerabilities (USN-2483-1) | Nessus | Ubuntu Local Security Checks | high |
81012 | OracleVM 3.3 : jasper (OVMSA-2015-0006) | Nessus | OracleVM Local Security Checks | high |
80542 | openSUSE Security Update : jasper (openSUSE-SU-2015:0039-1) | Nessus | SuSE Local Security Checks | high |
80540 | openSUSE Security Update : jasper (openSUSE-SU-2015:0038-1) | Nessus | SuSE Local Security Checks | high |
80539 | openSUSE Security Update : jasper (openSUSE-SU-2015:0042-1) | Nessus | SuSE Local Security Checks | high |
80431 | Mandriva Linux Security Advisory : jasper (MDVSA-2015:012) | Nessus | Mandriva Local Security Checks | high |
80417 | Amazon Linux AMI : jasper (ALAS-2015-466) | Nessus | Amazon Linux Local Security Checks | high |
80367 | Fedora 19 : jasper-1.900.1-26.fc19 (2014-16465) | Nessus | Fedora Local Security Checks | high |
80366 | Fedora 20 : jasper-1.900.1-27.fc20 (2014-16349) | Nessus | Fedora Local Security Checks | high |
80365 | Fedora 21 : jasper-1.900.1-29.fc21 (2014-16292) | Nessus | Fedora Local Security Checks | high |
80295 | Fedora 20 : mingw-jasper-1.900.1-25.fc20 (2014-17274) | Nessus | Fedora Local Security Checks | high |
80294 | Fedora 19 : mingw-jasper-1.900.1-25.fc19 (2014-17270) | Nessus | Fedora Local Security Checks | high |
80292 | Fedora 21 : mingw-jasper-1.900.1-25.fc21 (2014-17259) | Nessus | Fedora Local Security Checks | high |
80280 | OracleVM 3.3 : jasper (OVMSA-2014-0087) | Nessus | OracleVM Local Security Checks | high |
80126 | Debian DSA-3106-1 : jasper - security update | Nessus | Debian Local Security Checks | high |
80117 | Scientific Linux Security Update : jasper on SL6.x, SL7.x i386/x86_64 (20141218) | Nessus | Scientific Linux Local Security Checks | high |
80115 | RHEL 6 / 7 : jasper (RHSA-2014:2021) | Nessus | Red Hat Local Security Checks | high |
80113 | Oracle Linux 6 / 7 : jasper (ELSA-2014-2021) | Nessus | Oracle Linux Local Security Checks | high |
80107 | CentOS 6 / 7 : jasper (CESA-2014:2021) | Nessus | CentOS Local Security Checks | high |