CVE-2015-6581

Double free vulnerability in the opj_j2k_copy_default_tcp_and_create_tcd function in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 45.0.2454.85, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering a memory-allocation failure.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
ChromeCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
VendorProductVersion
googlechrome
𝑥
≤ 44.0.2403
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openjpeg2
bullseye
2.4.0-3
fixed
sid
2.5.0-2
fixed
trixie
2.5.0-2
fixed
bookworm
2.5.0-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
bionic
Fixed 45.0.2454.85-0ubuntu1.1198
released
artful
Fixed 45.0.2454.85-0ubuntu1.1198
released
zesty
Fixed 45.0.2454.85-0ubuntu1.1198
released
yakkety
Fixed 45.0.2454.85-0ubuntu1.1198
released
xenial
Fixed 45.0.2454.85-0ubuntu1.1198
released
wily
Fixed 45.0.2454.85-0ubuntu1.1198
released
vivid
Fixed 45.0.2454.85-0ubuntu0.15.04.1.1181
released
trusty
Fixed 45.0.2454.85-0ubuntu0.14.04.1.1097
released
precise
ignored
openjpeg
bionic
dne
artful
dne
zesty
dne
yakkety
ignored
xenial
not-affected
wily
ignored
vivid
ignored
trusty
not-affected
precise
ignored
oxide-qt
bionic
dne
artful
not-affected
zesty
not-affected
yakkety
not-affected
xenial
not-affected
wily
not-affected
vivid
not-affected
trusty
dne
precise
dne
References
http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168736.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169258.html
http://www.debian.org/security/2016/dsa-3665
http://www.securitytracker.com/id/1033472
https://code.google.com/p/chromium/issues/detail?id=486538
https://code.google.com/p/chromium/issues/detail?id=526825
https://code.google.com/p/openjpeg/issues/detail?id=492
http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168736.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169258.html
http://www.debian.org/security/2016/dsa-3665
http://www.securitytracker.com/id/1033472
https://code.google.com/p/chromium/issues/detail?id=486538
https://code.google.com/p/chromium/issues/detail?id=526825
https://code.google.com/p/openjpeg/issues/detail?id=492