Description
Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a crafted PDF.
References (3)
Core 3
Core References
Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/07/msg00025.html
Exploit x_refsource_confirm
https://bugs.chromium.org/p/chromium/issues/detail?id=457493
Exploit x_refsource_confirm
https://bugs.chromium.org/p/chromium/issues/detail?id=430891
Scores
CVSS v3
6.5
EPSS
0.0104
EPSS Percentile
59.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-415
Status
published
Products (3)
debian/debian_linux
8.0
google/pdfium
uclouvain/openjpeg
< 2.1.1
Published
Oct 18, 2017
Tracked Since
Feb 18, 2026