CVE-2014-8137
Publication date 24 December 2014
Last updated 24 July 2024
Ubuntu priority
Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.
Status
Package | Ubuntu Release | Status |
---|---|---|
ghostscript | ||
14.04 LTS trusty | Not in release | |
jasper | ||
14.04 LTS trusty |
Fixed 1.900.1-14ubuntu3.2
|
|
netpbm-free | ||
14.04 LTS trusty | Not in release | |
References
Related Ubuntu Security Notices (USN)
- USN-2483-1
- JasPer vulnerabilities
- 26 January 2015
- USN-2483-2
- Ghostscript vulnerabilities
- 26 January 2015