Unrated severityNVD Advisory· Published Jan 26, 2015· Updated May 6, 2026

CVE-2014-8158

Description

Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.

Affected products

Jasper Project/Jasper
cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:*
Range: <=1.900.1
Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
OpenSUSE/openSUSE2 versions
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Red Hat/Enterprise Linux2 versions
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.ocert.org/advisories/ocert-2015-001.htmlnvdThird Party AdvisoryUS Government Resource
advisories.mageia.org/MGASA-2015-0038.htmlnvd
lists.opensuse.org/opensuse-updates/2015-02/msg00014.htmlnvd
rhn.redhat.com/errata/RHSA-2015-0074.htmlnvd
rhn.redhat.com/errata/RHSA-2015-0698.htmlnvd
secunia.com/advisories/62583nvd
secunia.com/advisories/62615nvd
secunia.com/advisories/62619nvd
secunia.com/advisories/62765nvd
www.debian.org/security/2015/dsa-3138nvd
www.mandriva.com/security/advisoriesnvd
www.mandriva.com/security/advisoriesnvd
www.securityfocus.com/bid/72293nvd
www.slackware.com/security/viewer.phpnvd
www.ubuntu.com/usn/USN-2483-1nvd
www.ubuntu.com/usn/USN-2483-2nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.005
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000