CVE-2014-7945 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Chrome

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125 — Out-of-bounds Read6 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

1.7%

top 17.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

THE Openjpeg Project Openjpeg2 Google Chrome

Timeline

PublishedJan 22

Latest updateMay 17

Description

OpenJPEG before r2908, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, and t2.c.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDgoogle/chrome40.0.2214.85

▶Ubuntuthe_openjpeg_project/openjpeg2< 2.1.2-1.1+deb9u2build0.1

🔴Vulnerability Details

GHSA

GHSA-pw5j-466g-x8qc: OpenJPEG before r2908, as used in PDFium in Google Chrome before 40↗2022-05-17

▶

CVEList

CVE-2014-7945: OpenJPEG before r2908, as used in PDFium in Google Chrome before 40↗2015-01-22

▶

OSV

CVE-2014-7945: OpenJPEG before r2908, as used in PDFium in Google Chrome before 40↗2015-01-22

▶

📋Vendor Advisories

Red Hat

chromium-browser: out-of-bounds read in PDFium↗2015-01-21

▶

💬Community

Bugzilla

CVE-2014-7945 chromium-browser: out-of-bounds read in PDFium↗2015-01-23

▶