jasper: two code execution vulnerabilities

Package(s):

jasper

CVE #(s):

CVE-2014-8137 CVE-2014-8138

Created:

December 19, 2014

Updated:

January 14, 2015

Description:

From the Red Hat advisory:

A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8138)

A double free flaw was found in the way JasPer parsed ICC color profiles in JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8137)

Alerts:

openSUSE	openSUSE-SU-2016:2737-1	jasper	2016-11-05
openSUSE	openSUSE-SU-2016:2722-1	jasper	2016-11-04
openSUSE	openSUSE-SU-2016:0217-1	jasper	2016-01-24
Slackware	SSA:2015-302-02	jasper	2015-10-29
Mandriva	MDVSA-2015:159	jasper	2015-03-29
Ubuntu	USN-2483-1	jasper	2015-01-26
Ubuntu	USN-2483-2	ghostscript	2015-01-26
openSUSE	openSUSE-SU-2015:0039-1	jasper	2015-01-14
openSUSE	openSUSE-SU-2015:0042-1	jasper	2015-01-14
openSUSE	openSUSE-SU-2015:0038-1	jasper	2015-01-14
Gentoo	201503-01	jasper	2015-03-06
Mandriva	MDVSA-2015:012	jasper	2015-01-08
Fedora	FEDORA-2014-16465	jasper	2015-01-06
Fedora	FEDORA-2014-16349	jasper	2015-01-06
Fedora	FEDORA-2014-16292	jasper	2015-01-06
Fedora	FEDORA-2014-17270	mingw-jasper	2014-12-29
Fedora	FEDORA-2014-17274	mingw-jasper	2014-12-29
Fedora	FEDORA-2014-17259	mingw-jasper	2014-12-29
Debian-LTS	DLA-121-1	jasper	2014-12-22
Mageia	MGASA-2014-0539	jasper	2014-12-19
Debian	DSA-3106-1	jasper	2014-12-20
Scientific Linux	SLSA-2014:2021-1	jasper	2014-12-18
Oracle	ELSA-2014-2021	jasper	2014-12-18
Oracle	ELSA-2014-2021	jasper	2014-12-18
CentOS	CESA-2014:2021	jasper	2014-12-18
CentOS	CESA-2014:2021	jasper	2014-12-18
Red Hat	RHSA-2014:2021-01	jasper	2014-12-18