CVE-2016-1626Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Chrome

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents7 sources
Severity
4.3MEDIUMNVD
EPSS
0.6%
top 29.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
THE Openjpeg Project Openjpeg2Debian LinuxGoogle Chrome+1 more
Timeline
PublishedFeb 14
Latest updateMay 14

Description

The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, miscalculates a certain layer index value, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

NVDgoogle/chrome48.0.2564.103
Debianthe_openjpeg_project/openjpeg2< 2.1.2-1.2+3

Also affects: Debian Linux 8.0

🔴Vulnerability Details

3
GHSA
GHSA-2qm9-f7hv-vwh4: The opj_pi_update_decode_poc function in pi2022-05-14
OSV
CVE-2016-1626: The opj_pi_update_decode_poc function in pi2016-02-14
CVEList
CVE-2016-1626: The opj_pi_update_decode_poc function in pi2016-02-14

📋Vendor Advisories

2
Red Hat
chromium-browser: out-of-bounds read in PDFium2016-02-09
Debian
CVE-2016-1626: openjpeg2 - The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in PDFium in ...2016

💬Community

2
Bugzilla
CVE-2016-3658 libtiff: out-of-bounds read in the TIFFWriteDirectoryTagLongLong8Array function2016-04-12
Bugzilla
CVE-2016-1626 chromium-browser: out-of-bounds read in PDFium2016-02-10
CVE-2016-1626 — Google Chrome vulnerability | cvebase