CVE-2014-8158

Current Description

Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.

Basic Data

Published: January 26, 2015
Last Modified: October 30, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-119
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 6.8
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Jasper Project | Jasper | * | * | * | * | * | * | * | * | | 1.900.1 | |
  • OR - Configuration 2
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | OS | Debian | Debian Linux | 7.0 | * | * | * | * | * | * | * | | | |
  • OR - Configuration 3
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | OS | Redhat | Enterprise Linux | 6.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux | 7.0 | * | * | * | * | * | * | * | | | |
  • OR - Configuration 4
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | OS | Opensuse | Opensuse | 13.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Opensuse | Opensuse | 13.2 | * | * | * | * | * | * | * | | | |

Vulnerable Software List

Vendor | Product | Versions
Debian | Debian Linux | 7.0
Redhat | Enterprise Linux | 6.0, 7.0
Jasper Project | Jasper | *
Opensuse | Opensuse | 13.1, 13.2

References

Name | Source | URL | Tags
http://advisories.mageia.org/MGASA-2015-0038.html | CONFIRM | http://advisories.mageia.org/MGASA-2015-0038.html |
openSUSE-SU-2015:0200 | SUSE | http://lists.opensuse.org/opensuse-updates/2015-02/msg00014.html |
RHSA-2015:0074 | REDHAT | http://rhn.redhat.com/errata/RHSA-2015-0074.html |
RHSA-2015:0698 | REDHAT | http://rhn.redhat.com/errata/RHSA-2015-0698.html |
62583 | SECUNIA | http://secunia.com/advisories/62583 |
62615 | SECUNIA | http://secunia.com/advisories/62615 |
62619 | SECUNIA | http://secunia.com/advisories/62619 |
62765 | SECUNIA | http://secunia.com/advisories/62765 |
DSA-3138 | DEBIAN | http://www.debian.org/security/2015/dsa-3138 |
MDVSA-2015:034 | MANDRIVA | http://www.mandriva.com/security/advisories?name=MDVSA-2015:034 |
MDVSA-2015:159 | MANDRIVA | http://www.mandriva.com/security/advisories?name=MDVSA-2015:159 |
http://www.ocert.org/advisories/ocert-2015-001.html | MISC | http://www.ocert.org/advisories/ocert-2015-001.html | Third Party Advisory, US Government Resource
72293 | BID | http://www.securityfocus.com/bid/72293 |
SSA:2015-302-02 | SLACKWARE | http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606 |
USN-2483-1 | UBUNTU | http://www.ubuntu.com/usn/USN-2483-1 |
USN-2483-2 | UBUNTU | http://www.ubuntu.com/usn/USN-2483-2 |