Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2015-6581

Published: 3 September 2015

Double free vulnerability in the opj_j2k_copy_default_tcp_and_create_tcd function in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 45.0.2454.85, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering a memory-allocation failure.

Priority

Medium

Status

Package Release Status
chromium-browser
Launchpad, Ubuntu, Debian
artful
Released (45.0.2454.85-0ubuntu1.1198)
bionic
Released (45.0.2454.85-0ubuntu1.1198)
precise Ignored

trusty
Released (45.0.2454.85-0ubuntu0.14.04.1.1097)
upstream
Released (45.0.2454.85)
vivid
Released (45.0.2454.85-0ubuntu0.15.04.1.1181)
wily
Released (45.0.2454.85-0ubuntu1.1198)
xenial
Released (45.0.2454.85-0ubuntu1.1198)
yakkety
Released (45.0.2454.85-0ubuntu1.1198)
zesty
Released (45.0.2454.85-0ubuntu1.1198)
openjpeg
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

precise Ignored
(end of life)
trusty Not vulnerable
(code not present)
upstream Not vulnerable
(code not present)
vivid Ignored
(end of life)
wily Ignored
(end of life)
xenial Not vulnerable
(code not present)
yakkety Ignored
(end of life)
zesty Does not exist

Patches:
upstream: https://code.google.com/p/openjpeg/source/detail?r=3002
upstream: https://github.com/uclouvain/openjpeg/commit/1fb24aba4b29b7cd1b6880d8f0b08196a12efc2c
oxide-qt
Launchpad, Ubuntu, Debian
artful Not vulnerable

bionic Does not exist

precise Does not exist

trusty Does not exist
(trusty was not-affected)
upstream Not vulnerable

vivid Not vulnerable

wily Not vulnerable

xenial Not vulnerable

yakkety Not vulnerable

zesty Not vulnerable