CVE-2014-8137) and a heap-based buffer overflow flaw (CVE-2014-8138) in JasPer, a library for manipulating JPEG-2000 files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code."> OVAL Reference oval:org.mitre.oval:def:28259 - CERT Civis.Net
Oval Definition:oval:org.mitre.oval:def:28259
Revision Date:2015-02-23Version:4
Title:DSA-3106-1 -- jasper security update
Description:Jose Duart of the Google Security Team discovered a double free flaw (CVE-2014-8137) and a heap-based buffer overflow flaw (CVE-2014-8138) in JasPer, a library for manipulating JPEG-2000 files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2014-8137
CVE-2014-8138
DSA-3106-1
Platform(s):Debian GNU/kFreeBSD 7.0
Debian GNU/Linux 7.0
Product(s):jasper
Definition Synopsis
  • Debian 7 is installed
  • AND GNU/Linux or GNU/kFreeBSD kernel
  • Debian GNU/Linux is installed
  • OR Debian GNU/kFreeBSD is installed
  • AND jasper is earlier than 0:1.900.1-13+deb7u2
  • BACK