CVE-2015-1239 - Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFiu

CVE-2015-1239

Summary

Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a crafted PDF.

References

Vulnerable Configurations

cpe:2.3:a:uclouvain:openjpeg:-:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:-:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:2.0:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:2.0:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:2.1:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:2.1:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:uclouvain:openjpeg:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:google:pdfium:-:*:*:*:*:*:*:*
cpe:2.3:a:google:pdfium:-:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 29-12-2023 - 18:05)
Impact:
Exploitability:

CWE

CWE-415

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

refmap via4

confirm	https://bugs.chromium.org/p/chromium/issues/detail?id=430891 https://bugs.chromium.org/p/chromium/issues/detail?id=457493
mlist	[debian-lts-announce] 20180719 [SECURITY] [DLA 1433-1] openjpeg2 security update

Last major update

29-12-2023 - 18:05

Published

18-10-2017 - 17:29

Last modified

29-12-2023 - 18:05