CVE-2015-1239 — Double Free in Openjpeg

CWE-415 — Double Free5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.8%

top 25.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

THE Openjpeg Project Openjpeg2 Uclouvain Openjpeg Debian Linux

Timeline

PublishedOct 18

Latest updateMay 13

Description

Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a crafted PDF.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDuclouvain/openjpeg< 2.1.1

▶Debianthe_openjpeg_project/openjpeg2< 2.1.1-1+3

Also affects: Debian Linux 8.0

🔴Vulnerability Details

GHSA

GHSA-935h-fp8w-9vph: Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cau↗2022-05-13

▶

CVEList

CVE-2015-1239: Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cau↗2017-10-18

▶

OSV

CVE-2015-1239: Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cau↗2017-10-18

▶

📋Vendor Advisories

Debian

CVE-2015-1239: openjpeg2 - Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r29...↗2015

▶