New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 5.9
SynopsisThe remote OracleVM host is missing a security update.
DescriptionThe remote OracleVM system is missing necessary patches to address critical security updates :
- CVE-2014-8157 - dec->numtiles off-by-one check in jpc_dec_process_sot (#1183671)
- CVE-2014-8158 - unrestricted stack memory use in jpc_qmfb.c (#1183679)
- CVE-2014-8137 - double-free in in jas_iccattrval_destroy (#1173566)
- CVE-2014-8138 - heap overflow in jp2_decode (#1173566)
- CVE-2014-9029 - incorrect component number check in COC, RGN and QCC marker segment decoders (#1171208)
SolutionUpdate the affected jasper-libs package.