Vulnerability CVE-2014-3189: Information

Description

The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium component in Google Chrome before 38.0.2125.101 does not properly validate image-data dimensions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via unknown vectors.

Severity: HIGH (7.5)

URL: https://nvd.nist.gov/vuln/detail/CVE-2014-3189
Published: Oct. 8, 2014
Modified: Nov. 7, 2023
Error type identifier: CWE-264

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
chromiumsisyphus38.0.2125.101-alt1125.0.6422.141-alt1ALT-PU-2014-2280-1132612Fixed
chromiump1038.0.2125.101-alt1119.0.6045.159-alt0.p10.1ALT-PU-2014-2280-1132612Fixed
chromiump938.0.2125.101-alt197.0.4692.99-alt0.p9.1ALT-PU-2014-2280-1132612Fixed
chromiumc10f138.0.2125.101-alt1110.0.5481.177-alt1.p10.1ALT-PU-2014-2280-1132612Fixed
chromiumc9f238.0.2125.101-alt184.0.4147.105-alt1.1.p9ALT-PU-2014-2280-1132612Fixed
chromiumc738.0.2125.122-alt0.M70C.238.0.2125.122-alt0.M70C.2ALT-PU-2016-1955-1168870Fixed
chromiump1138.0.2125.101-alt1125.0.6422.141-alt1ALT-PU-2014-2280-1132612Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://codereview.chromium.org/519873002/
    RHSA-2014:1626
      https://crbug.com/398384
        70273
          http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html

              1. Configuration 1

                cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
                End including
                38.0.2125.7

                Configuration 2

                cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*
                cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*
                cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*
                cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.6.z:*:*:*:*:*:*:*
            VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
            Version: v24.5.3
            Back to top