Off-by-one error in the jpc_dec_process_sot function allows remote
attackers to cause a denial of service (crash) or possibly execute
arbitrary code via a crafted JPEG 2000 image, which triggers a
heap-based buffer overflow.

CVE-2014-8158 (arbitrary code execution)

Multiple stack-based buffer overflows in jpc_qmfb.c allow remote
attackers to cause a denial of service (crash) or possibly execute
arbitrary code via a crafted JPEG 2000 image.

OSVersionArchitecturePackageVersionFilename
anyanyanyjasper< 1.900.1-13UNKNOWN

OS	Version	Architecture	Package	Version	Filename
any	any	any	jasper	< 1.900.1-13	UNKNOWN

References

bugs.archlinux.org/task/43592

web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8157

web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8158

www.ocert.org/advisories/ocert-2015-001.html

osv 3

oraclelinux 3

nessus 53

redhat 5

openvas 29

debian 4

amazon 2

securityvulns 4

centos 3

mageia 1

fedora 4

ubuntu 3

cve 3

gentoo 1

veracode 3

ubuntucve 3

prion 3

attackerkb 1

ibm 30

f5 2

metasploit 2

exploitpack 2

altlinux 1

cert 1

freebsd 2

checkpoint_security 1

lenovo 2

zdt 2

packetstorm 3

thn 2

debiancve 1

checkpoint_advisories 1

threatpost 2

slackware 1

ics 2

suse 3

fortinet 1

vulnerlab 2

huawei 1

cisco 1

arista 1

cisa 1

seebug 1

citrix 1

cloudfoundry 1

paloalto 1

osv

jasper - security update

2015-01-25 00:00:00

jasper - security update

2015-01-28 00:00:00

eglibc - security update

2015-01-28 00:00:00

oraclelinux

jasper security update

2015-01-22 00:00:00

glibc security update

2015-01-27 00:00:00

glibc security update

2015-01-29 00:00:00

nessus

Scientific Linux Security Update : jasper on SL6.x, SL7.x i386/x86_64 (20150122)

2015-01-23 00:00:00

SUSE SLED12 / SLES12 Security Update : jasper (SUSE-SU-2015:0288-1)

2015-05-20 00:00:00

Fedora 20 : mingw-jasper-1.900.1-26.fc20 (2015-1125)

2015-02-03 00:00:00

redhat

(RHSA-2015:0074) Important: jasper security update

2015-01-22 00:00:00

(RHSA-2015:0090) Critical: glibc security update

2015-01-27 00:00:00

(RHSA-2015:0099) Critical: glibc security update

2015-01-28 00:00:00

openvas

CentOS Update for jasper CESA-2015:0074 centos6

2015-01-23 00:00:00

Debian: Security Advisory (DLA-138-1)

2023-03-08 00:00:00

Debian: Security Advisory (DSA-3138-1)

2015-01-24 00:00:00

debian

[SECURITY] [DSA 3138-1] jasper security update

2015-01-25 10:00:52

[SECURITY] [DLA 138-1] jasper security update

2015-01-28 19:03:39

[SECURITY] [DSA 3138-1] jasper security update

2015-01-25 10:00:52

amazon

Important: jasper

2015-02-11 19:37:00

Critical: glibc

2015-01-27 11:41:00

securityvulns

[oCERT-2015-001] JasPer input sanitization errors

2015-01-25 00:00:00

jasper library multiple security vulnerabilities

2015-01-25 00:00:00

Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow

2015-02-02 00:00:00

centos

jasper security update

2015-01-22 22:28:13

glibc, nscd security update

2015-01-27 23:31:01

glibc, nscd security update

2015-01-27 22:59:55

mageia

Updated jasper packages fix security vulnerabilities

2015-01-24 17:32:04

fedora

[SECURITY] Fedora 20 Update: mingw-jasper-1.900.1-26.fc20

2015-02-02 17:21:42

[SECURITY] Fedora 21 Update: mingw-jasper-1.900.1-26.fc21

2015-02-02 17:23:33

[SECURITY] Fedora 21 Update: jasper-1.900.1-30.fc21

2015-02-09 05:28:37

ubuntu

JasPer vulnerabilities

2015-01-26 00:00:00

Ghostscript vulnerabilities

2015-01-26 00:00:00

GNU C Library vulnerability

2015-01-27 00:00:00

cve

CVE-2014-8157

2015-01-26 15:59:00

CVE-2014-8158

2015-01-26 15:59:00

CVE-2015-0235

2015-01-28 19:59:00

gentoo

JasPer: Multiple Vulnerabilities

2015-03-06 00:00:00

veracode

Denial Of Service (DoS)

2019-01-15 09:04:18

Arbitrary Code Execution

2019-05-02 05:07:22

Arbitrary Code Execution

2019-01-15 09:04:16

ubuntucve

CVE-2014-8157

2015-01-22 00:00:00

CVE-2014-8158

2015-01-22 00:00:00

CVE-2015-0235

2015-01-27 00:00:00

prion

Heap overflow

2015-01-26 15:59:00

Stack overflow

2015-01-26 15:59:00

Heap overflow

2015-01-28 19:59:00

attackerkb

Heap overflow in glibc 2.2 name resolution (CVE-2015-0235)

2015-01-28 00:00:00

ibm

Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Network Protection (CVE-2015-0235)

2018-06-16 21:22:19

Security Bulletin: GNU C library (glibc) vulnerability affects IBM API Management (CVE-2015-0235)

2018-06-15 07:02:31

Security Bulletin: GNU C library (glibc) vulnerability affects IBM XIV Storage System Gen2 (CVE-2015-0235)

2018-06-18 00:09:09

K16057 : GHOST: glibc gethostbyname buffer overflow vulnerability CVE-2015-0235

2015-10-09 00:00:00

SOL16057 - GHOST: glibc gethostbyname buffer overflow vulnerability CVE-2015-0235

2015-01-27 00:00:00

metasploit

WordPress XMLRPC GHOST Vulnerability Scanner

2015-01-30 14:29:51

Exim GHOST (glibc gethostbyname) Buffer Overflow

2015-03-18 23:51:16

exploitpack

Exim ESMTP 4.80 - glibc gethostbyname Denial of Service

2015-01-29 00:00:00

Exim - GHOST glibc gethostbyname Buffer Overflow (Metasploit)

2015-03-18 00:00:00

altlinux

Security fix for the ALT Linux 6 package glibc version 6:2.11.3-alt8.M60P.2

2015-01-28 00:00:00

cert

GNU C Library (glibc) __nss_hostname_digits_dots() function vulnerable to buffer overflow

2015-01-28 00:00:00

freebsd

jasper -- multiple vulnerabilities

2014-12-10 00:00:00

glibc -- gethostbyname buffer overflow

2015-01-27 00:00:00

checkpoint_security

Check Point Response to CVE-2015-0235 (glibc - GHOST)

2015-01-26 22:00:00

lenovo

GNU C Library (glibc) __nss_hostname_digits_dots() function vulnerable to buffer overflow (

2016-07-22 00:00:00

GNU C Library (glibc) __nss_hostname_digits_dots() function vulnerable to buffer overflow ("GHOST")

2016-07-22 00:00:00

zdt

Exim GHOST (glibc gethostbyname) Buffer Overflow Exploit

2015-03-19 00:00:00

Exim ESMTP GHOST Denial Of Service Exploit

2015-01-29 00:00:00

packetstorm

Exim GHOST (glibc gethostbyname) Buffer Overflow

2015-03-24 00:00:00

Exim ESMTP GHOST Denial Of Service

2015-01-29 00:00:00

Qualys Security Advisory - glibc gethostbyname Buffer Overflow

2015-01-27 00:00:00

thn

Critical GHOST vulnerability affects most Linux Systems

2015-01-27 21:17:00

GHOST glibc Vulnerability Affects WordPress and PHP applications

2015-01-29 23:53:00

debiancve

CVE-2015-0235

2015-01-28 19:59:00

checkpoint_advisories

GNU C Library gethostbyname Buffer Overflow (CVE-2015-0235)

2015-01-28 00:00:00

threatpost

Ghost glibc Vulnerability Patching and Exploits

2015-01-28 13:28:29

GHOST glibc Linux Remote Code Execution Vulnerability

2015-01-27 12:55:29

slackware

[slackware-security] glibc

2015-01-28 20:35:21

ics

Siemens SIMATIC HMI Basic, SINUMERIK, and Ruggedcom APE GHOST Vulnerability

2018-09-10 12:00:00

Siemens SIMATIC HMI Basic, SINUMERIK, and Ruggedcom APE GHOST Vulnerability (Update A)

2018-08-27 12:00:00

suse

glibc (critical)

2015-01-28 19:04:53

Security update for glibc (critical)

2015-02-02 09:04:48

Security update for glibc (critical)

2015-01-28 03:04:56

fortinet

CVE-2015-0235 "GHOST" vulnerability

2015-01-28 00:00:00

vulnerlab

Glibc Ghost Vulnerability (CVE-2015-0235) - How to Secure

2015-01-30 00:00:00

Glibc Ghost Vulnerability (CVE-2015-0235) - How to Secure

2015-01-30 00:00:00

huawei

Security Advisory - Glibc Buffer Overflow Vulnerability

2015-02-26 00:00:00

cisco

GNU glibc gethostbyname Function Buffer Overflow Vulnerability

2015-01-28 22:30:00

arista

Security Advisory 0009

2015-01-28 00:00:00

cisa

Linux "Ghost" Remote Code Execution Vulnerability

2015-01-27 00:00:00

seebug

Linux glibc 缓冲区溢出 (幽灵(Ghost))

2015-07-02 00:00:00

citrix

CVE-2015-0235 - Citrix Security Advisory for glibc GHOST Vulnerability

2015-01-28 04:00:00

cloudfoundry

CVE-2015-0235 - GHOST | Cloud Foundry

2015-01-28 00:00:00

paloalto

GHOST: glibc vulnerability

2015-02-02 08:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

JSON

Related for ASA-201501-23