Summary
Check the version of jasper
Solution
Please Install the Updated Packages.
Insight
Jose Duart discovered that JasPer
incorrectly handled ICC color profiles in JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges.
(CVE-2014-8137)
Jose Duart discovered that JasPer incorrectly decoded certain malformed JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. (CVE-2014-8138)
It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. (CVE-2014-8157)
It was discovered that JasPer incorrectly handled memory when processing JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. (CVE-2014-8158)
Affected
jasper on Ubuntu 14.10 ,
Ubuntu 14.04 LTS ,
Ubuntu 12.04 LTS
Detection
Get the installed version with the help
of detect NVT and check if the version is vulnerable or not.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-8137, CVE-2014-8138, CVE-2014-8157, CVE-2014-8158 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Ubuntu Update for bind9 vulnerability USN-1070-1
- Ubuntu Update for ffmpeg USN-1706-1
- Ubuntu Update for Firefox 3.0 and Xulrunner vulnerabilities USN-920-1
- Ubuntu Update for apturl, Epiphany, gecko-sharp, gnome-python-extras, liferea, rhythmbox, totem, ubufox, yelp update USN-930-2
- Ubuntu Update for emacs23 USN-1586-1