CVE-2016-1619 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Chrome

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125 — Out-of-bounds Read5 documents5 sources

Severity

7.6HIGHNVD

EPSS

0.8%

top 25.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedJan 25

Latest updateMay 17

Description

Multiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_to_rgb functions in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:HExploitability: 2.8 | Impact: 4.7

Affected Packages1 packages

▶NVDgoogle/chrome47.0.2526.106

🔴Vulnerability Details

GHSA

GHSA-mxvr-m44w-7x57: Multiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_to_rgb functions in fxcodec/codec/fx_codec_jpx_opj↗2022-05-17

▶

OSV

CVE-2016-1619: Multiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_to_rgb functions in fxcodec/codec/fx_codec_jpx_opj↗2016-01-25

▶

📋Vendor Advisories

Red Hat

chromium-browser: out-of-bounds read in PDFium↗2016-01-20

▶

💬Community

Bugzilla

CVE-2016-1619 chromium-browser: out-of-bounds read in PDFium↗2016-01-22

▶