CVE-2014-7944 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Chrome

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125 — Out-of-bounds Read5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

1.4%

top 19.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedJan 22

Latest updateMay 17

Description

The sycc422_to_rgb function in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 40.0.2214.91, does not properly handle odd values of image width, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDgoogle/chrome40.0.2214.85

🔴Vulnerability Details

GHSA

GHSA-fhv9-q298-644g: The sycc422_to_rgb function in fxcodec/codec/fx_codec_jpx_opj↗2022-05-17

▶

OSV

CVE-2014-7944: The sycc422_to_rgb function in fxcodec/codec/fx_codec_jpx_opj↗2015-01-22

▶

📋Vendor Advisories

Red Hat

chromium-browser: out-of-bounds read in PDFium↗2015-01-21

▶

💬Community

Bugzilla

CVE-2014-7944 chromium-browser: out-of-bounds read in PDFium↗2015-01-23

▶