Lucene search
UbuntuUSN-2434-1HistoryDec 08, 2014 - 12:00 a.m.
JasPer vulnerability
2014-12-0800:00:00
ubuntu.com
27
6.7 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.457 Medium
EPSS
Percentile
97.4%
Releases
- Ubuntu 14.10
- Ubuntu 14.04 ESM
- Ubuntu 12.04
Packages
- jasper - Library for manipulating JPEG-2000 files
Details
Jose Duart discovered that JasPer incorrectly handled certain malformed
JPEG-2000 image files. If a user were tricked into opening a specially
crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash
or possibly execute arbitrary code with user privileges.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 14.10 | noarch | libjasper1 | < 1.900.1-debian1-2ubuntu0.1 | UNKNOWN |
| Ubuntu | 14.10 | noarch | libjasper-dev | < 1.900.1-debian1-2ubuntu0.1 | UNKNOWN |
| Ubuntu | 14.10 | noarch | libjasper-runtime | < 1.900.1-debian1-2ubuntu0.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libjasper1 | < 1.900.1-14ubuntu3.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libjasper-dev | < 1.900.1-14ubuntu3.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libjasper-runtime | < 1.900.1-14ubuntu3.1 | UNKNOWN |
| Ubuntu | 12.04 | noarch | libjasper1 | < 1.900.1-13ubuntu0.1 | UNKNOWN |
| Ubuntu | 12.04 | noarch | libjasper-dev | < 1.900.1-13ubuntu0.1 | UNKNOWN |
| Ubuntu | 12.04 | noarch | libjasper-runtime | < 1.900.1-13ubuntu0.1 | UNKNOWN |
References
Related
nessus
nessus
Ubuntu 10.04 LTS : ghostscript vulnerability (USN-2434-2)
2014-12-09 00:00:00
openSUSE Security Update : jasper (openSUSE-SU-2014:1644-1)
2014-12-16 00:00:00
SuSE 11.3 Security Update : libjasper (SAT Patch Number 10072)
2015-02-04 00:00:00
securityvulns
securityvulns
[oCERT-2014-009] JasPer input sanitization errors
2014-12-08 00:00:00
jasper library multiple security vulnerabilities
2015-01-25 00:00:00
prion
prion
Heap overflow
2014-12-08 16:59:00
debian
debian
[SECURITY] [DSA 3089-1] jasper security update
2014-12-04 15:17:36
[SECURITY] [DLA 101-1] jasper security update
2014-12-06 12:45:21
[SECURITY] [DSA 3089-1] jasper security update
2014-12-04 15:17:53
ubuntucve
ubuntucve
CVE-2014-9029
2014-12-04 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2434-1)
2022-08-26 00:00:00
Mageia: Security Advisory (MGASA-2014-0514)
2022-01-28 00:00:00
Debian Security Advisory DSA 3089-1 (jasper - security update)
2014-12-04 00:00:00
cve
cve
CVE-2014-9029
2014-12-08 16:59:00
osv
osv
jasper - security update
2014-12-06 00:00:00
jasper - security update
2014-12-04 00:00:00
ubuntu
ubuntu
Ghostscript vulnerability
2014-12-08 00:00:00
mageia
mageia
Updated jasper packages fix CVE-2014-9029
2014-12-05 19:59:28
redhat
redhat
(RHSA-2014:2021) Important: jasper security update
2014-12-18 00:00:00
veracode
veracode
Heap-Based Buffer Overflow
2019-05-02 05:06:17
fedora
fedora
[SECURITY] Fedora 19 Update: jasper-1.900.1-26.fc19
2015-01-06 06:07:04
[SECURITY] Fedora 21 Update: mingw-jasper-1.900.1-24.fc21
2014-12-17 04:47:06
[SECURITY] Fedora 21 Update: jasper-1.900.1-29.fc21
2015-01-06 06:10:16
centos
centos
jasper security update
2014-12-18 22:11:55
oraclelinux
oraclelinux
jasper security update
2014-12-18 00:00:00
jasper security update
2017-05-09 00:00:00
amazon
amazon
Important: jasper
2015-01-08 11:36:00
archlinux
archlinux
jasper: arbitrary code execution
2014-12-19 00:00:00
gentoo
gentoo
JasPer: Multiple Vulnerabilities
2015-03-06 00:00:00
freebsd
freebsd
jasper -- multiple vulnerabilities
2014-12-10 00:00:00
slackware
slackware
[slackware-security] jasper
2015-10-29 22:48:48
oracle
oracle
CPU July 2018
2018-07-17 00:00:00
6.7 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.457 Medium
EPSS
Percentile
97.4%
Related for USN-2434-1