CVE-2014-8157

Publication date 22 January 2015

Last updated 24 July 2024


Ubuntu priority

Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.

Status

Package Ubuntu Release Status
ghostscript 14.10 utopic
Not affected
14.04 LTS trusty Not in release
12.04 LTS precise
Not affected
10.04 LTS lucid
Fixed 8.71.dfsg.1-0ubuntu5.7
netpbm-free 14.10 utopic
Not affected
14.04 LTS trusty Not in release
12.04 LTS precise
Not affected
10.04 LTS lucid
Not affected
jasper 14.10 utopic
Fixed 1.900.1-debian1-2ubuntu0.2
14.04 LTS trusty
Fixed 1.900.1-14ubuntu3.2
12.04 LTS precise
Fixed 1.900.1-13ubuntu0.2
10.04 LTS lucid Ignored end of life

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
jasper

References

Related Ubuntu Security Notices (USN)

    • USN-2483-1
    • JasPer vulnerabilities
    • 26 January 2015
    • USN-2483-2
    • Ghostscript vulnerabilities
    • 26 January 2015

Other references