CVE-2014-7901 - Vulnerability Details - OpenCVE

Integer overflow in the opj_t2_read_packet_data function in fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c in OpenJPEG in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long segment in a JPEG image.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Chrome

Configuration 1 [-]

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html
http://www.securityfocus.com/bid/71158
http://www.securitytracker.com/id/1031241
https://code.google.com/p/chromium/issues/detail?id=413375
https://exchange.xforce.ibmcloud.com/vulnerabilities/98789
https://pdfium.googlesource.com/pdfium/+/e93d5341d87c54713a9632c8823288fa901a3b78

History

No history.

MITRE

Status: PUBLISHED

Assigner: Chrome

Published: 2014-11-19T11:00:00

Updated: 2024-08-06T13:03:27.853Z

Reserved: 2014-10-06T00:00:00

Link: CVE-2014-7901

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-11-19T11:59:02.637

Modified: 2025-04-12T10:46:40.837

Link: CVE-2014-7901

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-11-18T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in the opj_t2_read_packet_data function in fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c in OpenJPEG in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long segment in a JPEG image."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-07T15:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"name": "1031241", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1031241"}, {"name": "google-chrome-cve20147901-overflow(98789)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98789"}, {"name": "71158", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/71158"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://pdfium.googlesource.com/pdfium/+/e93d5341d87c54713a9632c8823288fa901a3b78"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://code.google.com/p/chromium/issues/detail?id=413375"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2014-7901", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer overflow in the opj_t2_read_packet_data function in fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c in OpenJPEG in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long segment in a JPEG image."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1031241", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031241"}, {"name": "google-chrome-cve20147901-overflow(98789)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98789"}, {"name": "71158", "refsource": "BID", "url": "http://www.securityfocus.com/bid/71158"}, {"name": "https://pdfium.googlesource.com/pdfium/+/e93d5341d87c54713a9632c8823288fa901a3b78", "refsource": "CONFIRM", "url": "https://pdfium.googlesource.com/pdfium/+/e93d5341d87c54713a9632c8823288fa901a3b78"}, {"name": "https://code.google.com/p/chromium/issues/detail?id=413375", "refsource": "CONFIRM", "url": "https://code.google.com/p/chromium/issues/detail?id=413375"}, {"name": "http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:03:27.853Z"}, "title": "CVE Program Container", "references": [{"name": "1031241", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1031241"}, {"name": "google-chrome-cve20147901-overflow(98789)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98789"}, {"name": "71158", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/71158"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://pdfium.googlesource.com/pdfium/+/e93d5341d87c54713a9632c8823288fa901a3b78"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://code.google.com/p/chromium/issues/detail?id=413375"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html"}]}]}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2014-7901", "datePublished": "2014-11-19T11:00:00", "dateReserved": "2014-10-06T00:00:00", "dateUpdated": "2024-08-06T13:03:27.853Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "6DF1A6F0-B289-4156-B0C1-682148673105", "versionEndIncluding": "39.0.2171.45", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer overflow in the opj_t2_read_packet_data function in fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c in OpenJPEG in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long segment in a JPEG image."}, {"lang": "es", "value": "Desbordamiento de enteros en la funci\u00f3n opj_t2_read_packer en fxcodec/fx_ligopenjpeg/libopenjpeg20/t2.c en OpenJPEG en PDFium, usado en Google Chrome anterior a 39.0.2171.65, permite a atacantes remotos causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado a trav\u00e9s de un segmento largo en una imagen JPEG."}], "id": "CVE-2014-7901", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-11-19T11:59:02.637", "references": [{"source": "chrome-cve-admin@google.com", "url": "http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.securityfocus.com/bid/71158"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.securitytracker.com/id/1031241"}, {"source": "chrome-cve-admin@google.com", "url": "https://code.google.com/p/chromium/issues/detail?id=413375"}, {"source": "chrome-cve-admin@google.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98789"}, {"source": "chrome-cve-admin@google.com", "url": "https://pdfium.googlesource.com/pdfium/+/e93d5341d87c54713a9632c8823288fa901a3b78"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/71158"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1031241"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://code.google.com/p/chromium/issues/detail?id=413375"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98789"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://pdfium.googlesource.com/pdfium/+/e93d5341d87c54713a9632c8823288fa901a3b78"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}