CVE-2014-8137

MEDIUM

Description

Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.

References

http://advisories.mageia.org/MGASA-2014-0539.html

http://lists.opensuse.org/opensuse-updates/2015-01/msg00013.html

http://lists.opensuse.org/opensuse-updates/2015-01/msg00014.html

http://lists.opensuse.org/opensuse-updates/2015-01/msg00017.html

http://packetstormsecurity.com/files/129660/JasPer-1.900.1-Double-Free-Heap-Overflow.html

http://rhn.redhat.com/errata/RHSA-2014-2021.html

http://rhn.redhat.com/errata/RHSA-2015-0698.html

http://rhn.redhat.com/errata/RHSA-2015-1713.html

http://secunia.com/advisories/61747

http://secunia.com/advisories/62311

http://secunia.com/advisories/62615

http://secunia.com/advisories/62619

http://www.debian.org/security/2014/dsa-3106

http://www.mandriva.com/security/advisories?name=MDVSA-2015:012

http://www.mandriva.com/security/advisories?name=MDVSA-2015:159

http://www.securityfocus.com/bid/71742

http://www.securitytracker.com/id/1033459

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606

http://www.ubuntu.com/usn/USN-2483-1

http://www.ubuntu.com/usn/USN-2483-2

https://www.ocert.org/advisories/ocert-2014-012.html

Details

Source: MITRE

Published: 2014-12-24

Updated: 2018-01-05

Type: NVD-CWE-Other

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

View all (31 total)

ID	Name	Product	Family	Severity
100116	OracleVM 3.3 / 3.4 : jasper (OVMSA-2017-0102)	Nessus	OracleVM Local Security Checks	high
94601	openSUSE Security Update : jasper (openSUSE-2016-1270)	Nessus	SuSE Local Security Checks	critical
94596	openSUSE Security Update : jasper (openSUSE-2016-1263)	Nessus	SuSE Local Security Checks	critical
88875	FreeBSD : jasper -- multiple vulnerabilities (006e3b7c-d7d7-11e5-b85f-0018fe623f2b)	Nessus	FreeBSD Local Security Checks	high
86663	Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : jasper (SSA:2015-302-02)	Nessus	Slackware Local Security Checks	critical
85999	RHEL 6 : rhev-hypervisor (RHSA-2015:1713)	Nessus	Red Hat Local Security Checks	high
82412	Mandriva Linux Security Advisory : jasper (MDVSA-2015:159)	Nessus	Mandriva Local Security Checks	high
82104	Debian DLA-121-1 : jasper security update	Nessus	Debian Local Security Checks	high
81969	RHEL 6 : rhevm-spice-client (RHSA-2015:0698) (POODLE)	Nessus	Red Hat Local Security Checks	critical
81686	GLSA-201503-01 : JasPer: Multiple Vulnerabilities	Nessus	Gentoo Local Security Checks	high
81311	SuSE 11.3 Security Update : jasper (SAT Patch Number 10261)	Nessus	SuSE Local Security Checks	high
81018	Ubuntu 10.04 LTS : ghostscript vulnerabilities (USN-2483-2)	Nessus	Ubuntu Local Security Checks	high
81017	Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : jasper vulnerabilities (USN-2483-1)	Nessus	Ubuntu Local Security Checks	high
81012	OracleVM 3.3 : jasper (OVMSA-2015-0006)	Nessus	OracleVM Local Security Checks	high
80542	openSUSE Security Update : jasper (openSUSE-SU-2015:0039-1)	Nessus	SuSE Local Security Checks	high
80540	openSUSE Security Update : jasper (openSUSE-SU-2015:0038-1)	Nessus	SuSE Local Security Checks	high
80539	openSUSE Security Update : jasper (openSUSE-SU-2015:0042-1)	Nessus	SuSE Local Security Checks	high
80431	Mandriva Linux Security Advisory : jasper (MDVSA-2015:012)	Nessus	Mandriva Local Security Checks	high
80417	Amazon Linux AMI : jasper (ALAS-2015-466)	Nessus	Amazon Linux Local Security Checks	high
80367	Fedora 19 : jasper-1.900.1-26.fc19 (2014-16465)	Nessus	Fedora Local Security Checks	high
80366	Fedora 20 : jasper-1.900.1-27.fc20 (2014-16349)	Nessus	Fedora Local Security Checks	high
80365	Fedora 21 : jasper-1.900.1-29.fc21 (2014-16292)	Nessus	Fedora Local Security Checks	high
80295	Fedora 20 : mingw-jasper-1.900.1-25.fc20 (2014-17274)	Nessus	Fedora Local Security Checks	high
80294	Fedora 19 : mingw-jasper-1.900.1-25.fc19 (2014-17270)	Nessus	Fedora Local Security Checks	high
80292	Fedora 21 : mingw-jasper-1.900.1-25.fc21 (2014-17259)	Nessus	Fedora Local Security Checks	high
80280	OracleVM 3.3 : jasper (OVMSA-2014-0087)	Nessus	OracleVM Local Security Checks	high
80126	Debian DSA-3106-1 : jasper - security update	Nessus	Debian Local Security Checks	high
80117	Scientific Linux Security Update : jasper on SL6.x, SL7.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
80115	RHEL 6 / 7 : jasper (RHSA-2014:2021)	Nessus	Red Hat Local Security Checks	high
80113	Oracle Linux 6 / 7 : jasper (ELSA-2014-2021)	Nessus	Oracle Linux Local Security Checks	high
80107	CentOS 6 / 7 : jasper (CESA-2014:2021)	Nessus	CentOS Local Security Checks	high