Vulnerability Details : CVE-2014-7944
The sycc422_to_rgb function in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 40.0.2214.91, does not properly handle odd values of image width, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2014-7944
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-7944
2.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 89 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-7944
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2014-7944
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-7944
-
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html
[security-announce] openSUSE-SU-2015:0441-1: important: Security update
-
http://secunia.com/advisories/62665
Sign in
-
https://code.google.com/p/chromium/issues/detail?id=418881
418881 - Heap-buffer-overflow in color_sycc_to_rgb - chromium - MonorailExploit;Vendor Advisory
-
http://www.securitytracker.com/id/1031623
Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code and Deny Service - SecurityTracker
-
http://www.securityfocus.com/bid/72288
Google Chrome 40.0.2214.91 Multiple Security Vulnerabilities
-
https://pdfium.googlesource.com/pdfium/+/6cf012af4954807255ce7cdb5b92a20f74d34e6d
6cf012af4954807255ce7cdb5b92a20f74d34e6d - pdfium - Git at GooglePatch
-
http://rhn.redhat.com/errata/RHSA-2015-0093.html
RHSA-2015:0093 - Security Advisory - Red Hat Customer Portal
-
http://googlechromereleases.blogspot.com/2015/01/stable-update.html
Chrome Releases: Stable Channel UpdateVendor Advisory
-
http://secunia.com/advisories/62383
Sign in
-
http://security.gentoo.org/glsa/glsa-201502-13.xml
Chromium: Multiple vulnerabilities (GLSA 201502-13) — Gentoo security
Jump to