Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-8158

Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.

Related bugs and status

CVE-2014-8158 (Candidate) is related to these bugs:

Bug #1416141: Sync jasper 1.900.1-debian1-2.4 (main) from Debian unstable (main)

Summary				In	Importance	Status
	1416141	Sync jasper 1.900.1-debian1-2.4 (main) from Debian unstable (main)		jasper (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.ocert.org/a...
REDHAT: RHSA-2015:0074
SECUNIA: 62583
SECUNIA: 62615
SECUNIA: 62619
SECUNIA: 62765
DEBIAN: DSA-3138
SUSE: openSUSE-SU-2015:0200
UBUNTU: USN-2483-1
UBUNTU: USN-2483-2
REDHAT: RHSA-2015:0698
CONFIRM: http://advisories.mage...
MANDRIVA: MDVSA-2015:034
MANDRIVA: MDVSA-2015:159
BID: 72293
SLACKWARE: SSA:2015-302-02