CVE-2015-6776Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Chrome

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-79Cross-site Scripting6 documents6 sources
Severity
6.8MEDIUMNVD
EPSS
1.6%
top 18.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
DatatablesSprymedia DatatablesGoogle Chrome
Timeline
PublishedDec 6
Latest updateMay 17

Description

The opj_dwt_decode_1* functions in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 47.0.2526.73, allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data that is mishandled during a discrete wavelet transform.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

NVDgoogle/chrome46.0.2490.86
npmsprymedia/datatables< 1.10.10
Packagistdatatables/datatables< 1.10.10

🔴Vulnerability Details

3
GHSA
GHSA-2ggh-34r5-2jc7: The opj_dwt_decode_1* functions in dwt2022-05-17
GHSA
DataTable Vulnerable to Cross-Site Scripting2020-08-31
OSV
CVE-2015-6776: The opj_dwt_decode_1* functions in dwt2015-12-06

📋Vendor Advisories

1
Red Hat
chromium-browser: Out of bounds access in PDFium2015-12-01

💬Community

1
Bugzilla
CVE-2015-6776 chromium-browser: Out of bounds access in PDFium2015-12-02