CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-8137

Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.315

EPSS Ranking 96.5%

CVSS Severity

CVSS v2 Score 6.8

References

http://advisories.mageia.org/MGASA-2014-0539.html
http://lists.opensuse.org/opensuse-updates/2015-01/msg00013.html
http://lists.opensuse.org/opensuse-updates/2015-01/msg00014.html
http://lists.opensuse.org/opensuse-updates/2015-01/msg00017.html
http://packetstormsecurity.com/files/129660/JasPer-1.900.1-Double-Free-Heap-Overflow.html
http://rhn.redhat.com/errata/RHSA-2014-2021.html
http://rhn.redhat.com/errata/RHSA-2015-0698.html
http://rhn.redhat.com/errata/RHSA-2015-1713.html
http://secunia.com/advisories/61747
http://secunia.com/advisories/62311
http://secunia.com/advisories/62615
http://secunia.com/advisories/62619
http://www.debian.org/security/2014/dsa-3106
http://www.mandriva.com/security/advisories?name=MDVSA-2015:012
http://www.mandriva.com/security/advisories?name=MDVSA-2015:159
http://www.securityfocus.com/bid/71742
http://www.securitytracker.com/id/1033459
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606
http://www.ubuntu.com/usn/USN-2483-1
http://www.ubuntu.com/usn/USN-2483-2
https://www.ocert.org/advisories/ocert-2014-012.html
http://advisories.mageia.org/MGASA-2014-0539.html
http://lists.opensuse.org/opensuse-updates/2015-01/msg00013.html
http://lists.opensuse.org/opensuse-updates/2015-01/msg00014.html
http://lists.opensuse.org/opensuse-updates/2015-01/msg00017.html
http://packetstormsecurity.com/files/129660/JasPer-1.900.1-Double-Free-Heap-Overflow.html
http://rhn.redhat.com/errata/RHSA-2014-2021.html
http://rhn.redhat.com/errata/RHSA-2015-0698.html
http://rhn.redhat.com/errata/RHSA-2015-1713.html
http://secunia.com/advisories/61747
http://secunia.com/advisories/62311
http://secunia.com/advisories/62615
http://secunia.com/advisories/62619
http://www.debian.org/security/2014/dsa-3106
http://www.mandriva.com/security/advisories?name=MDVSA-2015:012
http://www.mandriva.com/security/advisories?name=MDVSA-2015:159
http://www.securityfocus.com/bid/71742
http://www.securitytracker.com/id/1033459
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606
http://www.ubuntu.com/usn/USN-2483-1
http://www.ubuntu.com/usn/USN-2483-2
https://www.ocert.org/advisories/ocert-2014-012.html

Products affected by CVE-2014-8137

Jasper Project » Jasper » Version: N/A

cpe:2.3:a:jasper_project:jasper:-
Jasper Project » Jasper » Version: 1.900.1

cpe:2.3:a:jasper_project:jasper:1.900.1
Redhat » Enterprise Linux » Version: 6.0

cpe:2.3:o:redhat:enterprise_linux:6.0
Redhat » Enterprise Linux » Version: 7.0

cpe:2.3:o:redhat:enterprise_linux:7.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-8137

Products

Pricing

Contact Us