{"affected":[],"aliases":[],"details":"\nThis update for jasper fixes the following security issues:\n\n    * \n\n      CVE-2014-8137: Double free in jas_iccattrval_destroy(). Double call\n      to free() allowed attackers to cause a denial of service or possibly\n      have unspecified other impact via unknown vectors. (bsc#909474)\n\n    * \n\n      CVE-2014-8138: Heap overflow in jas_decode(). This could be used to\n      do an arbitrary write and could result in arbitrary code execution.\n      (bsc#909475)\n\n    * \n\n      CVE-2014-8157: Off-by-one error in the jpc_dec_process_sot(). Could\n      allow remote attackers to cause a denial of service (crash) or\n      possibly execute arbitrary code via a crafted JPEG 2000 image, which\n      triggers a heap-based buffer overflow. (bsc#911837)\n\n    * \n\n      CVE-2014-8158: Multiple stack-based buffer overflows in jpc_qmfb.c.\n      Could allow remote attackers to cause a denial of service (crash) or\n      possibly execute arbitrary code via a crafted JPEG 2000 image.\n      (bsc#911837)\n\nSecurity Issues:\n\n    * CVE-2014-8138\n      <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8138>\n    * CVE-2014-8137\n      <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8137>\n    * CVE-2014-8157\n      <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8157>\n    * CVE-2014-8158\n      <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8158>\n\n","id":"SUSE-SU-2015:0258-1","modified":"2015-02-03T13:44:10Z","published":"2015-02-03T13:44:10Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2015/suse-su-20150258-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/909474"},{"type":"REPORT","url":"https://bugzilla.suse.com/909475"},{"type":"REPORT","url":"https://bugzilla.suse.com/911837"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-8137"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-8138"}],"related":["CVE-2014-8137","CVE-2014-8138"],"summary":"Security update for jasper","upstream":["CVE-2014-8137","CVE-2014-8138"]}