Summary
Check the version of ghostscript
Solution
Please Install the Updated Packages.
Insight
USN-2483-1 fixed vulnerabilities in JasPer.
This update provides the corresponding fix for the JasPer library embedded in the Ghostscript package.
Original advisory details:
Jose Duart discovered that JasPer incorrectly handled ICC color profiles in JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. (CVE-2014-8137) Jose Duart discovered that JasPer incorrectly decoded certain malformed JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. (CVE-2014-8138) It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. (CVE-2014-8157) It was discovered that JasPer incorrectly handled memory when processing JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. (CVE-2014-8158)
Affected
ghostscript on Ubuntu 10.04 LTS
Detection
Get the installed version with the help of
detect NVT and check if the version is vulnerable or not.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-8137, CVE-2014-8138, CVE-2014-8157, CVE-2014-8158 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities