CVE-2014-7947

Published: 22 January 2015

OpenJPEG before r2944, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, pi.c, t1.c, t2.c, and tcd.c.

Notes

Author	Note
mdeslaur	incomplete fix, see CVE-2016-4797

Priority

Status

Package	Release	Status
chromium-browser Launchpad, Ubuntu, Debian	artful	Released (40.0.2214.94-0ubuntu1.1120)
	bionic	Released (40.0.2214.94-0ubuntu1.1120)
	cosmic	Released (40.0.2214.94-0ubuntu1.1120)
	disco	Released (40.0.2214.94-0ubuntu1.1120)
	eoan	Released (40.0.2214.94-0ubuntu1.1120)
	focal	Released (40.0.2214.94-0ubuntu1.1120)
	groovy	Released (40.0.2214.94-0ubuntu1.1120)
	hirsute	Released (40.0.2214.94-0ubuntu1.1120)
	impish	Released (40.0.2214.94-0ubuntu1.1120)
	jammy	Released (40.0.2214.94-0ubuntu1.1120)
	kinetic	Released (40.0.2214.94-0ubuntu1.1120)
	lucid	Ignored (end of life)
	lunar	Released (40.0.2214.94-0ubuntu1.1120)
	mantic	Released (40.0.2214.94-0ubuntu1.1120)
	precise	Ignored
	trusty	Released (40.0.2214.94-0ubuntu0.14.04.1.1068)
	upstream	Released (40.0.2214.91)
	utopic	Released (40.0.2214.94-0ubuntu0.14.10.1.1110)
	vivid	Released (40.0.2214.94-0ubuntu1.1120)
	wily	Released (40.0.2214.94-0ubuntu1.1120)
	xenial	Released (40.0.2214.94-0ubuntu1.1120)
	yakkety	Released (40.0.2214.94-0ubuntu1.1120)
	zesty	Released (40.0.2214.94-0ubuntu1.1120)
gdcm Launchpad, Ubuntu, Debian	artful	Not vulnerable (uses system openjpeg)
	bionic	Not vulnerable (uses system openjpeg)
	cosmic	Not vulnerable (uses system openjpeg)
	disco	Not vulnerable (uses system openjpeg)
	eoan	Not vulnerable (uses system openjpeg)
	focal	Not vulnerable (uses system openjpeg)
	groovy	Not vulnerable (uses system openjpeg)
	hirsute	Not vulnerable (uses system openjpeg)
	impish	Not vulnerable (uses system openjpeg)
	jammy	Not vulnerable (uses system openjpeg)
	kinetic	Not vulnerable (uses system openjpeg)
	lucid	Ignored (end of life)
	lunar	Not vulnerable (uses system openjpeg)
	mantic	Not vulnerable (uses system openjpeg)
	precise	Not vulnerable (uses system openjpeg)
	trusty	Not vulnerable (uses system openjpeg)
	upstream	Needs triage
	utopic	Ignored (end of life)
	vivid	Ignored (end of life)
	wily	Not vulnerable (uses system openjpeg)
	xenial	Not vulnerable (uses system openjpeg)
	yakkety	Not vulnerable (uses system openjpeg)
	zesty	Not vulnerable (uses system openjpeg)
insighttoolkit4 Launchpad, Ubuntu, Debian	artful	Ignored (end of life)
	bionic	Not vulnerable
	cosmic	Not vulnerable
	disco	Not vulnerable
	eoan	Not vulnerable
	focal	Not vulnerable
	groovy	Not vulnerable
	hirsute	Not vulnerable
	impish	Not vulnerable
	jammy	Not vulnerable
	kinetic	Not vulnerable
	lucid	Does not exist
	lunar	Not vulnerable
	mantic	Does not exist
	precise	Does not exist
	trusty	Does not exist (trusty was needed)
	upstream	Needs triage
	utopic	Ignored (end of life)
	vivid	Ignored (end of life)
	wily	Does not exist
	xenial	Not vulnerable
	yakkety	Ignored (end of life)
	zesty	Ignored (end of life)
openjpeg Launchpad, Ubuntu, Debian	artful	Does not exist
	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	eoan	Does not exist
	focal	Does not exist
	groovy	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	jammy	Does not exist
	kinetic	Does not exist
	lucid	Ignored (end of life)
	lunar	Does not exist
	mantic	Does not exist
	precise	Ignored (end of life)
	trusty	Not vulnerable (code not present)
	upstream	Needs triage
	utopic	Ignored (end of life)
	vivid	Ignored (end of life)
	wily	Ignored (end of life)
	xenial	Not vulnerable (code not present)
	yakkety	Ignored (end of life)
	zesty	Does not exist
openjpeg2 Launchpad, Ubuntu, Debian	artful	Ignored (end of life)
	bionic	Not vulnerable (2.1.1-1)
	cosmic	Not vulnerable (2.1.1-1)
	disco	Not vulnerable (2.1.1-1)
	eoan	Not vulnerable (2.1.1-1)
	focal	Not vulnerable (2.1.1-1)
	groovy	Not vulnerable (2.1.1-1)
	hirsute	Not vulnerable (2.1.1-1)
	impish	Not vulnerable (2.1.1-1)
	jammy	Not vulnerable (2.1.1-1)
	kinetic	Not vulnerable (2.1.1-1)
	lucid	Does not exist
	lunar	Not vulnerable (2.1.1-1)
	mantic	Not vulnerable (2.1.1-1)
	precise	Does not exist
	trusty	Does not exist
	upstream	Released (2.1.1)
	utopic	Does not exist
	vivid	Ignored (end of life)
	wily	Ignored (end of life)
	xenial	Released (2.1.2-1.1+deb9u2build0.1)
	yakkety	Ignored (end of life)
	zesty	Ignored (end of life)
oxide-qt Launchpad, Ubuntu, Debian	artful	Not vulnerable
	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	eoan	Does not exist
	focal	Does not exist
	groovy	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	jammy	Does not exist
	kinetic	Does not exist
	lucid	Does not exist
	lunar	Does not exist
	mantic	Does not exist
	precise	Does not exist
	trusty	Does not exist (trusty was not-affected)
	upstream	Not vulnerable
	utopic	Not vulnerable
	vivid	Not vulnerable
	wily	Not vulnerable
	xenial	Not vulnerable
	yakkety	Not vulnerable
	zesty	Not vulnerable
vxl Launchpad, Ubuntu, Debian	artful	Does not exist
	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	eoan	Does not exist
	focal	Does not exist
	groovy	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	jammy	Does not exist
	kinetic	Does not exist
	lucid	Ignored (end of life)
	lunar	Does not exist
	mantic	Does not exist
	precise	Ignored (end of life)
	trusty	Does not exist (trusty was needed)
	upstream	Needs triage
	utopic	Does not exist
	vivid	Ignored (end of life)
	wily	Ignored (end of life)
	xenial	Needed
	yakkety	Does not exist
	zesty	Does not exist

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›