Vulnerabilities > CVE-2014-7901 - Numeric Errors vulnerability in Google Chrome

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Integer overflow in the opj_t2_read_packet_data function in fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c in OpenJPEG in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long segment in a JPEG image.

Vulnerable Configurations

Part Description Count
Application
Google
3724

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_D395E44F6F4F11E4A44400262D5ED8EE.NASL
    descriptionGoogle Chrome Releases reports : 42 security fixes in this release, including : - [389734] High CVE-2014-7899: Address bar spoofing. Credit to Eli Grey. - [406868] High CVE-2014-7900: Use-after-free in pdfium. Credit to Atte Kettunen from OUSPG. - [413375] High CVE-2014-7901: Integer overflow in pdfium. Credit to cloudfuzzer. - [414504] High CVE-2014-7902: Use-after-free in pdfium. Credit to cloudfuzzer. - [414525] High CVE-2014-7903: Buffer overflow in pdfium. Credit to cloudfuzzer. - [418161] High CVE-2014-7904: Buffer overflow in Skia. Credit to Atte Kettunen from OUSPG. - [421817] High CVE-2014-7905: Flaw allowing navigation to intents that do not have the BROWSABLE category. Credit to WangTao(neobyte) of Baidu X-Team. - [423030] High CVE-2014-7906: Use-after-free in pepper plugins. Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team. - [423703] High CVE-2014-0574: Double-free in Flash. Credit to biloulehibou. - [424453] High CVE-2014-7907: Use-after-free in blink. Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team. - [425980] High CVE-2014-7908: Integer overflow in media. Credit to Christoph Diehl. - [391001] Medium CVE-2014-7909: Uninitialized memory read in Skia. Credit to miaubiz. - CVE-2014-7910: Various fixes from internal audits, fuzzing and other initiatives.
    last seen2020-06-01
    modified2020-06-02
    plugin id79320
    published2014-11-19
    reporterThis script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79320
    titleFreeBSD : chromium -- multiple vulnerabilities (d395e44f-6f4f-11e4-a444-00262d5ed8ee)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_GOOGLE_CHROME_39_0_2171_65.NASL
    descriptionThe version of Google Chrome installed on the remote Mac OS X host is a version prior to 39.0.2171.65. It is, therefore, affected by the following vulnerabilities : - A double-free vulnerability exists in the version of Adobe Flash bundled with Chrome which could result in arbitrary code execution. (CVE-2014-0574) - An unspecified address bar spoofing vulnerability exists which could be used to aid in phishing attacks. (CVE-2014-7899) - Multiple use-after-free vulnerabilities exist in pdfium which could result in arbitrary code execution. (CVE-2014-7900, CVE-2014-7902) - Integer overflow vulnerabilities exist in pdfium and the media component which could result in arbitrary code execution. (CVE-2014-7901, CVE-2014-7908) - Buffer overflow vulnerabilities exist in pdfium and Skia which could result in arbitrary code execution. (CVE-2014-7903, CVE-2014-7904) - Use-after-free vulnerabilities exist in Pepper plugins and Blink which could result in arbitrary code execution. (CVE-2014-7906, CVE-2014-7907) - An unspecified uninitialized memory read exists. (CVE-2014-7909) - Multiple unspecified vulnerabilities exist. (CVE-2014-7910)
    last seen2020-06-01
    modified2020-06-02
    plugin id79337
    published2014-11-19
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79337
    titleGoogle Chrome < 39.0.2171.65 Multiple Vulnerabilities (Mac OS X)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201412-13.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201412-13 (Chromium: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id79966
    published2014-12-15
    reporterThis script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/79966
    titleGLSA-201412-13 : Chromium: Multiple vulnerabilities
  • NASL familyWindows
    NASL idGOOGLE_CHROME_39_0_2171_65.NASL
    descriptionThe version of Google Chrome installed on the remote Windows host is a version prior to 39.0.2171.65. It is, therefore, affected by the following vulnerabilities : - A double-free vulnerability exists in the version of Adobe Flash bundled with Chrome which could result in arbitrary code execution. (CVE-2014-0574) - An unspecified address bar spoofing vulnerability exists which could be used to aid in phishing attacks. (CVE-2014-7899) - Multiple use-after-free vulnerabilities exist in pdfium which could result in arbitrary code execution. (CVE-2014-7900, CVE-2014-7902) - Integer overflow vulnerabilities exist in pdfium and the media component which could result in arbitrary code execution. (CVE-2014-7901, CVE-2014-7908) - Buffer overflow vulnerabilities exist in pdfium and Skia which could result in arbitrary code execution. (CVE-2014-7903, CVE-2014-7904) - Use-after-free vulnerabilities exist in Pepper plugins and Blink which could result in arbitrary code execution. (CVE-2014-7906, CVE-2014-7907) - An unspecified uninitialized memory read exists. (CVE-2014-7909) - Multiple unspecified vulnerabilities exist. (CVE-2014-7910)
    last seen2020-06-01
    modified2020-06-02
    plugin id79336
    published2014-11-19
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79336
    titleGoogle Chrome < 39.0.2171.65 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-764.NASL
    descriptionchromium was updated to version 39.0.2171.65 to fix 13 security issues. These security issues were fixed : - Use-after-free in pepper plugins (CVE-2014-7906). - Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google Chromebefore 39.0.2171.65, al... (CVE-2014-7903). - Uninitialized memory read in Skia (CVE-2014-7909). - Unspecified security issues (CVE-2014-7910). - Integer overflow in media (CVE-2014-7908). - Integer overflow in the opj_t2_read_packet_data function infxcodec/fx_libopenjpeg/libopenjpeg20/t2.... (CVE-2014-7901). - Use-after-free in blink (CVE-2014-7907). - Address bar spoofing (CVE-2014-7899). - Buffer overflow in Skia (CVE-2014-7904). - Use-after-free vulnerability in the CPDF_Parser (CVE-2014-7900). - Use-after-free vulnerability in PDFium allows DoS (CVE-2014-7902). - Flaw allowing navigation to intents that do not have the BROWSABLE category (CVE-2014-7905). - Double-free in Flash (CVE-2014-0574).
    last seen2020-06-05
    modified2014-12-15
    plugin id79997
    published2014-12-15
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79997
    titleopenSUSE Security Update : chromium (openSUSE-SU-2014:1626-1)