Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-12-24T18:00:00

Updated: 2024-08-06T13:10:50.959Z

Reserved: 2014-10-10T00:00:00

Link: CVE-2014-8137

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-12-24T18:59:01.713

Modified: 2024-11-21T02:18:38.190

Link: CVE-2014-8137

cve-icon Redhat

Severity : Low

Publid Date: 2014-12-18T00:00:00Z

Links: CVE-2014-8137 - Bugzilla