cbcvebase.
CVE-2016-5158
published 2016-09-11

CVE-2016-5158: Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X…

high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.

Affected

7 ranges
VendorProductVersion rangeFixed in
debianopenjpeg2< openjpeg2 2.1.2-1 (bookworm)openjpeg2 2.1.2-1 (bookworm)
googlechrome<= 52.0.2743.116
opensuseleap
the_openjpeg_projectopenjpeg2>= 0 < 2.1.2-12.1.2-1
the_openjpeg_projectopenjpeg2>= 0 < 2.1.2-12.1.2-1
the_openjpeg_projectopenjpeg2>= 0 < 2.1.2-12.1.2-1
the_openjpeg_projectopenjpeg2>= 0 < 2.1.2-12.1.2-1

CVSS provenance

nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv8.8HIGH