CVE-2016-5139
published 2016-08-07CVE-2016-5139: Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote…
high7.6CVSS 3.0
AVNACLPRNUIRSUCLILAH
Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openjpeg2 | < openjpeg2 2.1.2-1 (bookworm) | openjpeg2 2.1.2-1 (bookworm) |
| chrome | — | — | |
| the_openjpeg_project | openjpeg2 | >= 0 < 2.1.2-1 | 2.1.2-1 |
| the_openjpeg_project | openjpeg2 | >= 0 < 2.1.2-1 | 2.1.2-1 |
| the_openjpeg_project | openjpeg2 | >= 0 < 2.1.2-1 | 2.1.2-1 |
| the_openjpeg_project | openjpeg2 | >= 0 < 2.1.2-1 | 2.1.2-1 |
CVSS provenance
nvdv3.07.6HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
osv7.6HIGH