CVE-2014-8137 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Arbitrary code execution
Description	Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-99	jasper	1.900.1-15	1.900.5-1	Critical	Fixed

References
https://github.com/mdadams/jasper/commit/4bb93a6c49da7c1b6ad2acb60b18954a6547c637