Metric | Value |
---|---|
CVSS2 score | 6.8 Medium |
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
CVSS2 vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
EPSS | 0.019 Low |
EPSS percentile | 88.7% |

Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in
PDFium in Google Chrome before 44.0.2403.89, allows remote attackers to
cause a denial of service or possibly have unspecified other impact via
invalid JPEG2000 data in a PDF document.

Author | Note |
---|---|
tyhicks | There are large changes between openjpeg trunk and the 1.5 and 1.3 branches that we shipped in Vivid and older. However, it looks like those code bases are also affected because I don’t see similar sanity checks. As of 2015-07-24, I don’t see a fix in the 1.5 branch. |

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 17.10 | noarch | chromium-browser | < 44.0.2403.89-0ubuntu1.1195 | UNKNOWN |
ubuntu | 18.04 | noarch | chromium-browser | < 44.0.2403.89-0ubuntu1.1195 | UNKNOWN |
ubuntu | 18.10 | noarch | chromium-browser | < 44.0.2403.89-0ubuntu1.1195 | UNKNOWN |
ubuntu | 19.04 | noarch | chromium-browser | < 44.0.2403.89-0ubuntu1.1195 | UNKNOWN |
ubuntu | 19.10 | noarch | chromium-browser | < 44.0.2403.89-0ubuntu1.1195 | UNKNOWN |
ubuntu | 20.04 | noarch | chromium-browser | < 44.0.2403.89-0ubuntu1.1195 | UNKNOWN |
ubuntu | 20.10 | noarch | chromium-browser | < 44.0.2403.89-0ubuntu1.1195 | UNKNOWN |
ubuntu | 21.04 | noarch | chromium-browser | < 44.0.2403.89-0ubuntu1.1195 | UNKNOWN |
ubuntu | 21.10 | noarch | chromium-browser | < 44.0.2403.89-0ubuntu1.1195 | UNKNOWN |
ubuntu | 22.04 | noarch | chromium-browser | < 44.0.2403.89-0ubuntu1.1195 | UNKNOWN |