New Search

ELSA-2014-2021 -- jasper security update (important)

oval:org.mitre.oval:def:28420

[1.900.1-16.2] - CVE-2014-8137 - double-free in in jas_iccattrval_destroy (#1173566) - CVE-2014-8138 - heap overflow in jp2_decode (#1173566) [1.900.1-16.1] - CVE-2014-9029 - incorrect component number check in COC RGN and QCC marker segment decoders (#1171208) [1.900.1-16] - CERT VU#887409: heap buffer overflow flaws lead to arbitrary code execution (#749150)

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Oracle Linux 7
  • Oracle Linux 6
Class:
patch
Reference(s):
  • ELSA-2014-2021
  • CVE-2014-8137
  • CVE-2014-8138
  • CVE-2014-9029
Product(s):
  • jasper