CVE-2014-7947 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Chrome

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125 — Out-of-bounds Read CWE-369 — Divide By Zero8 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

1.7%

top 17.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

THE Openjpeg Project Openjpeg2 Google Chrome

Timeline

PublishedJan 22

Latest updateMay 17

Description

OpenJPEG before r2944, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, pi.c, t1.c, t2.c, and tcd.c.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDgoogle/chrome40.0.2214.85

▶Debianthe_openjpeg_project/openjpeg2< 2.1.1-1+3

🔴Vulnerability Details

GHSA

GHSA-g22f-672c-27cg: OpenJPEG before r2944, as used in PDFium in Google Chrome before 40↗2022-05-17

▶

OSV

CVE-2014-7947: OpenJPEG before r2944, as used in PDFium in Google Chrome before 40↗2015-01-22

▶

CVEList

CVE-2014-7947: OpenJPEG before r2944, as used in PDFium in Google Chrome before 40↗2015-01-22

▶

📋Vendor Advisories

Red Hat

openjpeg: Division-by-zero in function opj_tcd_init_tile in tcd.c↗2016-03-28

▶

Red Hat

chromium-browser: out-of-bounds read in PDFium↗2015-01-21

▶

Debian

CVE-2014-7947: openjpeg2 - OpenJPEG before r2944, as used in PDFium in Google Chrome before 40.0.2214.91, a...↗2014

▶

💬Community

Bugzilla

CVE-2014-7947 chromium-browser: out-of-bounds read in PDFium↗2015-01-23

▶