CVE-2015-6581

Priority
Description
Double free vulnerability in the opj_j2k_copy_default_tcp_and_create_tcd
function in j2k.c in OpenJPEG before r3002, as used in PDFium in Google
Chrome before 45.0.2454.85, allows remote attackers to execute arbitrary
code or cause a denial of service (heap memory corruption) by triggering a
memory-allocation failure.
Package
Upstream:not-affected (code not present)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Patches:
Upstream:https://code.google.com/p/openjpeg/source/detail?r=3002
Upstream:https://github.com/uclouvain/openjpeg/commit/1fb24aba4b29b7cd1b6880d8f0b08196a12efc2c
Package
Upstream:released (45.0.2454.85)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored)
Ubuntu 14.04 LTS (Trusty Tahr):released (45.0.2454.85-0ubuntu0.14.04.1.1097)
Ubuntu 16.04 LTS (Xenial Xerus):released (45.0.2454.85-0ubuntu1.1198)
Ubuntu 18.04 LTS (Bionic Beaver):released (45.0.2454.85-0ubuntu1.1198)
Ubuntu 18.10 (Cosmic Cuttlefish):released (45.0.2454.85-0ubuntu1.1198)
Package
Upstream:not-affected
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
More Information

Updated: 2018-10-22 14:09:08 UTC (commit 03ef231d584286304e54ae60f0de485bd42f2da8)