Unrated severityNVD Advisory· Published Dec 24, 2014· Updated May 6, 2026
CVE-2014-8137
CVE-2014-8137
Description
Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.
Affected products
3cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
21- www.ocert.org/advisories/ocert-2014-012.htmlnvdThird Party AdvisoryUS Government Resource
- advisories.mageia.org/MGASA-2014-0539.htmlnvd
- lists.opensuse.org/opensuse-updates/2015-01/msg00013.htmlnvd
- lists.opensuse.org/opensuse-updates/2015-01/msg00014.htmlnvd
- lists.opensuse.org/opensuse-updates/2015-01/msg00017.htmlnvd
- packetstormsecurity.com/files/129660/JasPer-1.900.1-Double-Free-Heap-Overflow.htmlnvd
- rhn.redhat.com/errata/RHSA-2014-2021.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-0698.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-1713.htmlnvd
- secunia.com/advisories/61747nvd
- secunia.com/advisories/62311nvd
- secunia.com/advisories/62615nvd
- secunia.com/advisories/62619nvd
- www.debian.org/security/2014/dsa-3106nvd
- www.mandriva.com/security/advisoriesnvd
- www.mandriva.com/security/advisoriesnvd
- www.securityfocus.com/bid/71742nvd
- www.securitytracker.com/id/1033459nvd
- www.slackware.com/security/viewer.phpnvd
- www.ubuntu.com/usn/USN-2483-1nvd
- www.ubuntu.com/usn/USN-2483-2nvd
News mentions
0No linked articles in our index yet.