CVE-2015-6581

Name	CVE-2015-6581
Description	Double free vulnerability in the opj_j2k_copy_default_tcp_and_create_tcd function in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 45.0.2454.85, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering a memory-allocation failure.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-3665-1
Debian Bugs	800453

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
chromium-browser (PTS)	jessie, jessie (lts)	57.0.2987.98-1~deb8u1	fixed
	stretch (security), stretch (lts), stretch	71.0.3578.80-1~deb9u1	fixed
openjpeg (PTS)	jessie	1:1.5.2-3	fixed
openjpeg2 (PTS)	jessie, jessie (lts)	2.1.0-2+deb8u14	fixed
	stretch (security), stretch (lts), stretch	2.1.2-1.1+deb9u7	fixed
	buster (security), buster, buster (lts)	2.3.0-2+deb10u2	fixed
	bullseye	2.4.0-3	fixed
	sid, trixie, bookworm	2.5.0-2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
chromium-browser	source	squeeze	(unfixed)	end-of-life
chromium-browser	source	wheezy	(unfixed)	end-of-life
chromium-browser	source	jessie	45.0.2454.85-1~deb8u1
chromium-browser	source	(unstable)	45.0.2454.85-1
openjpeg	source	(unstable)	(not affected)
openjpeg2	source	jessie	2.1.0-2+deb8u1		DSA-3665-1
openjpeg2	source	(unstable)	2.1.1-1			800453

Notes

- openjpeg <not-affected> (Vulnerable code not present, function opj_j2k_copy_default_tcp_and_create_tcd)
Openjpeg2 fix: https://github.com/uclouvain/openjpeg/commit/0fa5a17c98c4b8f9ee2286f4f0a50cf52a5fccb0