CVE-2014-8138

CVE-2014-8138

Name

CVE-2014-8138

Description

Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
SECUNIA	http://secunia.com/advisories/61747
Third Party Advisory	https://www.ocert.org/advisories/ocert-2014-012.html
REDHAT	http://rhn.redhat.com/errata/RHSA-2014-2021.html
MISC	http://packetstormsecurity.com/files/129660/JasPer-1.900.1-Double-Free-Heap-Overflow.html
SECUNIA	http://secunia.com/advisories/62311
SECUNIA	http://secunia.com/advisories/62619
SECUNIA	http://secunia.com/advisories/62615
UBUNTU	http://www.ubuntu.com/usn/USN-2483-1
DEBIAN	http://www.debian.org/security/2014/dsa-3106
UBUNTU	http://www.ubuntu.com/usn/USN-2483-2
REDHAT	http://rhn.redhat.com/errata/RHSA-2015-0698.html
CONFIRM	http://advisories.mageia.org/MGASA-2014-0539.html
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDVSA-2015:012
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDVSA-2015:159
SUSE	http://lists.opensuse.org/opensuse-updates/2015-01/msg00017.html
SUSE	http://lists.opensuse.org/opensuse-updates/2015-01/msg00014.html
SUSE	http://lists.opensuse.org/opensuse-updates/2015-01/msg00013.html
BID	http://www.securityfocus.com/bid/71746
SLACKWARE	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606
SECTRACK	http://www.securitytracker.com/id/1033459
REDHAT	http://rhn.redhat.com/errata/RHSA-2015-1713.html

Type

URI

SECUNIA

http://secunia.com/advisories/61747

Third Party Advisory

https://www.ocert.org/advisories/ocert-2014-012.html

REDHAT

http://rhn.redhat.com/errata/RHSA-2014-2021.html

MISC

http://packetstormsecurity.com/files/129660/JasPer-1.900.1-Double-Free-Heap-Overflow.html

SECUNIA

http://secunia.com/advisories/62311

SECUNIA

http://secunia.com/advisories/62619

SECUNIA

http://secunia.com/advisories/62615

UBUNTU

http://www.ubuntu.com/usn/USN-2483-1

DEBIAN

http://www.debian.org/security/2014/dsa-3106

UBUNTU

http://www.ubuntu.com/usn/USN-2483-2

REDHAT

http://rhn.redhat.com/errata/RHSA-2015-0698.html

CONFIRM

http://advisories.mageia.org/MGASA-2014-0539.html

MANDRIVA

http://www.mandriva.com/security/advisories?name=MDVSA-2015:012

MANDRIVA

http://www.mandriva.com/security/advisories?name=MDVSA-2015:159

SUSE

http://lists.opensuse.org/opensuse-updates/2015-01/msg00017.html

SUSE

http://lists.opensuse.org/opensuse-updates/2015-01/msg00014.html

SUSE

http://lists.opensuse.org/opensuse-updates/2015-01/msg00013.html

BID

http://www.securityfocus.com/bid/71746

SLACKWARE

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606

SECTRACK

http://www.securitytracker.com/id/1033459

REDHAT

http://rhn.redhat.com/errata/RHSA-2015-1713.html

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*`	enterprise_linux	== None	== 7.0
`cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*`	enterprise_linux	== None	== 6.0

CPE URI

Source package

Min version

Max version

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

enterprise_linux

== None

== 7.0

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

enterprise_linux

== None

== 6.0

References

Match rules

Vulnerable and fixed packages