CVE-2016-5159 — Integer Overflow or Wraparound in Google Chrome
Severity
8.8HIGHNVD
EPSS
1.5%
top 19.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 11
Latest updateMay 14
Description
Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data that is mishandled during opj_aligned_malloc calls in dwt.c and t1.c.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages3 packages
🔴Vulnerability Details
3GHSA▶
GHSA-49fh-qw2v-33hw: Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53↗2022-05-14
CVEList▶
CVE-2016-5159: Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53↗2016-09-11
OSV▶
CVE-2016-5159: Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53↗2016-09-11