Vulnerability Details : CVE-2015-1273
Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid JPEG2000 data in a PDF document.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2015-1273
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.7z:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-1273
1.94%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 87 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-1273
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2015-1273
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-1273
-
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html
[security-announce] openSUSE-SU-2015:1287-1: important: Security update
-
http://www.debian.org/security/2015/dsa-3315
Debian -- Security Information -- DSA-3315-1 chromium-browser
-
https://security.gentoo.org/glsa/201603-09
Chromium: Multiple vulnerabilities (GLSA 201603-09) — Gentoo security
-
http://www.securitytracker.com/id/1033031
Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code, Bypass Same-Origin Restrictions, Obtain Potentially Sensitive Information, and Spoof URLs - SecurityTracker
-
http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html
Chrome Releases: Stable Channel UpdatePatch;Vendor Advisory
-
http://rhn.redhat.com/errata/RHSA-2015-1499.html
RHSA-2015:1499 - Security Advisory - Red Hat Customer Portal
-
https://pdfium.googlesource.com/pdfium/+/cddfde0cddbc8467e0d5fa04c30405ee257750fc
cddfde0cddbc8467e0d5fa04c30405ee257750fc - pdfium - Git at Google
-
http://www.securityfocus.com/bid/75973
Google Chrome Prior to 44.0.2403.89 Multiple Security Vulnerabilities
-
https://code.google.com/p/chromium/issues/detail?id=459215
459215 - Security: pdfium - write past end of heap buffer when parsing invalid JPEG2000 image - chromium - Monorail
Jump to