CVE-2014-7945
Published: 22 January 2015
OpenJPEG before r2908, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, and t2.c.
Notes
Author | Note |
---|---|
sbeattie |
openjpeg2 refactored some of the code |
Priority
Status
Package | Release | Status |
---|---|---|
chromium-browser
Launchpad, Ubuntu, Debian |
artful |
Released
(40.0.2214.94-0ubuntu1.1120)
|
bionic |
Released
(40.0.2214.94-0ubuntu1.1120)
|
|
cosmic |
Released
(40.0.2214.94-0ubuntu1.1120)
|
|
disco |
Released
(40.0.2214.94-0ubuntu1.1120)
|
|
eoan |
Released
(40.0.2214.94-0ubuntu1.1120)
|
|
focal |
Released
(40.0.2214.94-0ubuntu1.1120)
|
|
groovy |
Released
(40.0.2214.94-0ubuntu1.1120)
|
|
hirsute |
Released
(40.0.2214.94-0ubuntu1.1120)
|
|
impish |
Released
(40.0.2214.94-0ubuntu1.1120)
|
|
jammy |
Released
(40.0.2214.94-0ubuntu1.1120)
|
|
kinetic |
Released
(40.0.2214.94-0ubuntu1.1120)
|
|
lucid |
Ignored
(end of life)
|
|
lunar |
Released
(40.0.2214.94-0ubuntu1.1120)
|
|
mantic |
Released
(40.0.2214.94-0ubuntu1.1120)
|
|
noble |
Released
(40.0.2214.94-0ubuntu1.1120)
|
|
precise |
Ignored
|
|
trusty |
Released
(40.0.2214.94-0ubuntu0.14.04.1.1068)
|
|
upstream |
Released
(40.0.2214.91)
|
|
utopic |
Released
(40.0.2214.94-0ubuntu0.14.10.1.1110)
|
|
vivid |
Released
(40.0.2214.94-0ubuntu1.1120)
|
|
wily |
Released
(40.0.2214.94-0ubuntu1.1120)
|
|
xenial |
Released
(40.0.2214.94-0ubuntu1.1120)
|
|
yakkety |
Released
(40.0.2214.94-0ubuntu1.1120)
|
|
zesty |
Released
(40.0.2214.94-0ubuntu1.1120)
|
|
gdcm
Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(uses system openjpeg)
|
bionic |
Not vulnerable
(uses system openjpeg)
|
|
cosmic |
Not vulnerable
(uses system openjpeg)
|
|
disco |
Not vulnerable
(uses system openjpeg)
|
|
eoan |
Not vulnerable
(uses system openjpeg)
|
|
focal |
Not vulnerable
(uses system openjpeg)
|
|
groovy |
Not vulnerable
(uses system openjpeg)
|
|
hirsute |
Not vulnerable
(uses system openjpeg)
|
|
impish |
Not vulnerable
(uses system openjpeg)
|
|
jammy |
Not vulnerable
(uses system openjpeg)
|
|
kinetic |
Not vulnerable
(uses system openjpeg)
|
|
lucid |
Ignored
(end of life)
|
|
lunar |
Not vulnerable
(uses system openjpeg)
|
|
mantic |
Not vulnerable
(uses system openjpeg)
|
|
noble |
Not vulnerable
(uses system openjpeg)
|
|
precise |
Not vulnerable
(uses system openjpeg)
|
|
trusty |
Not vulnerable
(uses system openjpeg)
|
|
upstream |
Needs triage
|
|
utopic |
Ignored
(end of life)
|
|
vivid |
Ignored
(end of life)
|
|
wily |
Not vulnerable
(uses system openjpeg)
|
|
xenial |
Not vulnerable
(uses system openjpeg)
|
|
yakkety |
Not vulnerable
(uses system openjpeg)
|
|
zesty |
Not vulnerable
(uses system openjpeg)
|
|
insighttoolkit4
Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
bionic |
Not vulnerable
|
|
cosmic |
Not vulnerable
|
|
disco |
Not vulnerable
|
|
eoan |
Not vulnerable
|
|
focal |
Not vulnerable
|
|
groovy |
Not vulnerable
|
|
hirsute |
Not vulnerable
|
|
impish |
Not vulnerable
|
|
jammy |
Not vulnerable
|
|
kinetic |
Not vulnerable
|
|
lucid |
Does not exist
|
|
lunar |
Not vulnerable
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was needed)
|
|
upstream |
Needs triage
|
|
utopic |
Ignored
(end of life)
|
|
vivid |
Ignored
(end of life)
|
|
wily |
Does not exist
|
|
xenial |
Not vulnerable
|
|
yakkety |
Ignored
(end of life)
|
|
zesty |
Ignored
(end of life)
|
|
openjpeg
Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lucid |
Ignored
(end of life)
|
|
lunar |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
precise |
Ignored
(end of life)
|
|
trusty |
Not vulnerable
(code not present)
|
|
upstream |
Released
(2.1.1)
|
|
utopic |
Ignored
(end of life)
|
|
vivid |
Ignored
(end of life)
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Not vulnerable
(code not present)
|
|
yakkety |
Ignored
(end of life)
|
|
zesty |
Does not exist
|
|
openjpeg2
Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
bionic |
Not vulnerable
(2.1.1-1)
|
|
cosmic |
Not vulnerable
(2.1.1-1)
|
|
disco |
Not vulnerable
(2.1.1-1)
|
|
eoan |
Not vulnerable
(2.1.1-1)
|
|
focal |
Not vulnerable
(2.1.1-1)
|
|
groovy |
Not vulnerable
(2.1.1-1)
|
|
hirsute |
Not vulnerable
(2.1.1-1)
|
|
impish |
Not vulnerable
(2.1.1-1)
|
|
jammy |
Not vulnerable
(2.1.1-1)
|
|
kinetic |
Not vulnerable
(2.1.1-1)
|
|
lucid |
Does not exist
|
|
lunar |
Not vulnerable
(2.1.1-1)
|
|
mantic |
Not vulnerable
(2.1.1-1)
|
|
noble |
Not vulnerable
(2.1.1-1)
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(2.1.1)
|
|
utopic |
Does not exist
|
|
vivid |
Ignored
(end of life)
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Released
(2.1.2-1.1+deb9u2build0.1)
|
|
yakkety |
Ignored
(end of life)
|
|
zesty |
Ignored
(end of life)
|
|
Patches:
upstream: https://github.com/uclouvain/openjpeg/commit/0b540067b18a75af6a1640b2ffb8ceb5f08be6d2 upstream: https://github.com/uclouvain/openjpeg/commit/f8796711e8d8e004d8b73929f0ff87c83abf0c76 upstream: https://github.com/uclouvain/openjpeg/commit/3df347eded5e0b690b1de72c48136ebbcfeef527 upstream: https://github.com/uclouvain/openjpeg/commit/efb70af001401c2cf3e9e60e308225ceb95ae9b6 upstream: https://github.com/uclouvain/openjpeg/commit/0a3f234df7b95ca3ac7e3d3a3019d24cb4cf5a83 upstream: https://github.com/uclouvain/openjpeg/commit/eb7c6d295aa77279b06d91c84b359f739a9e25bd upstream: https://github.com/uclouvain/openjpeg/commit/7256e43c48ba5f7b1b8ee2927a52dc783a7ab3ed upstream: https://github.com/uclouvain/openjpeg/commit/e65303b90336b5ec22b3ccafddba731d1228f370 upstream: https://github.com/uclouvain/openjpeg/commit/f126eb0d41f475ed80190c94a071f59839b9a205 |
||
oxide-qt
Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
|
bionic |
Does not exist
|
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lucid |
Does not exist
|
|
lunar |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was not-affected)
|
|
upstream |
Not vulnerable
|
|
utopic |
Not vulnerable
|
|
vivid |
Not vulnerable
|
|
wily |
Not vulnerable
|
|
xenial |
Not vulnerable
|
|
yakkety |
Not vulnerable
|
|
zesty |
Not vulnerable
|
|
vxl
Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lucid |
Ignored
(end of life)
|
|
lunar |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
precise |
Ignored
(end of life)
|
|
trusty |
Does not exist
(trusty was needed)
|
|
upstream |
Needs triage
|
|
utopic |
Does not exist
|
|
vivid |
Ignored
(end of life)
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Needed
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|