CVE-2015-6581

EUVD-2015-6520
Double free vulnerability in the opj_j2k_copy_default_tcp_and_create_tcd function in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 45.0.2454.85, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering a memory-allocation failure.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
Affected Products (NVD)
VendorProductVersion
googlechrome
𝑥
≤ 44.0.2403
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openjpeg2
bookworm
2.5.0-2
fixed
bullseye
2.4.0-3
fixed
sid
2.5.0-2
fixed
trixie
2.5.0-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
artful
Fixed 45.0.2454.85-0ubuntu1.1198
released
bionic
Fixed 45.0.2454.85-0ubuntu1.1198
released
precise
ignored
trusty
Fixed 45.0.2454.85-0ubuntu0.14.04.1.1097
released
vivid
Fixed 45.0.2454.85-0ubuntu0.15.04.1.1181
released
wily
Fixed 45.0.2454.85-0ubuntu1.1198
released
xenial
Fixed 45.0.2454.85-0ubuntu1.1198
released
yakkety
Fixed 45.0.2454.85-0ubuntu1.1198
released
zesty
Fixed 45.0.2454.85-0ubuntu1.1198
released
openjpeg
artful
dne
bionic
dne
precise
ignored
trusty
not-affected
vivid
ignored
wily
ignored
xenial
not-affected
yakkety
ignored
zesty
dne
oxide-qt
artful
not-affected
bionic
dne
precise
dne
trusty
dne
vivid
not-affected
wily
not-affected
xenial
not-affected
yakkety
not-affected
zesty
not-affected
References
http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168736.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169258.html
http://www.debian.org/security/2016/dsa-3665
http://www.securitytracker.com/id/1033472
https://code.google.com/p/chromium/issues/detail?id=486538
https://code.google.com/p/chromium/issues/detail?id=526825
https://code.google.com/p/openjpeg/issues/detail?id=492
http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168736.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169258.html
http://www.debian.org/security/2016/dsa-3665
http://www.securitytracker.com/id/1033472
https://code.google.com/p/chromium/issues/detail?id=486538
https://code.google.com/p/chromium/issues/detail?id=526825
https://code.google.com/p/openjpeg/issues/detail?id=492