CVE-2016-5139

Published: Aug 7, 2016Modified: May 6, 2026

7.6

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

Exploitability: 2.8 / Impact: 4.7

Source: NVD

Description

Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.

Affected (1)

Products: Google: Chrome

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Chrome	Version 52.0.2743.82

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (28)

http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html

Source: chrome-cve-admin@google.com

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00005.html

Source: chrome-cve-admin@google.com

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00006.html

Source: chrome-cve-admin@google.com

http://rhn.redhat.com/errata/RHSA-2016-1580.html

Source: chrome-cve-admin@google.com

http://rhn.redhat.com/errata/RHSA-2017-0559.html

Source: chrome-cve-admin@google.com

http://rhn.redhat.com/errata/RHSA-2017-0838.html

Source: chrome-cve-admin@google.com

http://www.debian.org/security/2016/dsa-3645

Source: chrome-cve-admin@google.com

http://www.securityfocus.com/bid/92276

Source: chrome-cve-admin@google.com

http://www.securitytracker.com/id/1036547

Source: chrome-cve-admin@google.com

https://codereview.chromium.org/2124073003

Source: chrome-cve-admin@google.com

https://crbug.com/625541

Source: chrome-cve-admin@google.com

https://lists.debian.org/debian-lts-announce/2018/07/msg00025.html

Source: chrome-cve-admin@google.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KMX62M7UNRLWO4FEQ6YIMPMTKXXJV6A/

Source: chrome-cve-admin@google.com

https://security.gentoo.org/glsa/201610-09

Source: chrome-cve-admin@google.com

http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00005.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2016-1580.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2017-0559.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2017-0838.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2016/dsa-3645

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/92276

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1036547

Source: af854a3a-2127-422b-91ae-364da2661108

https://codereview.chromium.org/2124073003

Source: af854a3a-2127-422b-91ae-364da2661108

https://crbug.com/625541

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2018/07/msg00025.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KMX62M7UNRLWO4FEQ6YIMPMTKXXJV6A/

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201610-09

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.