Lucene search

[email protected]CVE-2014-7944

HistoryJan 22, 2015 - 10:59 p.m.

CVE-2014-7944

2015-01-2222:59:00

CWE-119

[email protected]

web.nvd.nist.gov

pdfium

google chrome

cve-2014-7944

denial of service

remote attackers

out-of-bounds read

nvd

8.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.021 Low

EPSS

Percentile

89.0%

JSON

The sycc422_to_rgb function in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 40.0.2214.91, does not properly handle odd values of image width, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.

CPENameOperatorVersion
google:chromegoogle chromele40.0.2214.85

CPE	Name	Operator	Version
google:chrome	google chrome	le	40.0.2214.85

References

googlechromereleases.blogspot.com/2015/01/stable-update.html

lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html

rhn.redhat.com/errata/RHSA-2015-0093.html

secunia.com/advisories/62383

secunia.com/advisories/62665

security.gentoo.org/glsa/glsa-201502-13.xml

www.securityfocus.com/bid/72288

www.securitytracker.com/id/1031623

code.google.com/p/chromium/issues/detail?id=418881

pdfium.googlesource.com/pdfium/+/6cf012af4954807255ce7cdb5b92a20f74d34e6d

8.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.021 Low

EPSS

Percentile

89.0%

JSON

Related for CVE-2014-7944

prion1 debiancve1 ubuntucve1 threatpost1 nessus7 chrome1 archlinux1 freebsd1 redhat1 suse1 openvas5 gentoo1