1
PublicDateAtUSN: 2014-12-24
2
Candidate: CVE-2014-8138
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8138
6
http://www.ocert.org/advisories/ocert-2014-012.html
7
https://www.debian.org/security/2014/dsa-3106
8
https://usn.ubuntu.com/usn/usn-2483-1
9
https://usn.ubuntu.com/usn/usn-2483-2
11
Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and
12
earlier allows remote attackers to cause a denial of service (crash) or
13
possibly execute arbitrary code via a crafted JPEG 2000 file.
17
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773463
18
https://bugzilla.redhat.com/show_bug.cgi?id=1173162
20
Discovered-by: Jose Duart
24
upstream_jasper: released (1.900.1-debian1-2.3)
25
lucid_jasper: ignored (reached end-of-life)
26
precise_jasper: released (1.900.1-13ubuntu0.2)
27
trusty_jasper: released (1.900.1-14ubuntu3.2)
28
utopic_jasper: released (1.900.1-debian1-2ubuntu0.2)
29
devel_jasper: not-affected (1.900.1-debian1-2.3)
32
upstream_ghostscript: needs-triage
33
lucid_ghostscript: released (8.71.dfsg.1-0ubuntu5.7)
34
precise_ghostscript: not-affected (uses system jasper)
35
trusty_ghostscript: not-affected (uses system jasper)
36
utopic_ghostscript: not-affected (uses system jasper)
37
devel_ghostscript: not-affected (uses system jasper)
40
upstream_netpbm-free: needs-triage
41
lucid_netpbm-free: not-affected (code not present)
42
precise_netpbm-free: not-affected (code not present)
43
trusty_netpbm-free: not-affected (code not present)
44
utopic_netpbm-free: not-affected (code not present)
45
devel_netpbm-free: not-affected (code not present)