CVE-2016-5158
Published: 11 September 2016
Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.
Priority
Status
Package | Release | Status |
---|---|---|
chromium-browser | artful | Released (53.0.2785.143-0ubuntu1.1307) |
chromium-browser | bionic | Released (53.0.2785.143-0ubuntu1.1307) |
chromium-browser | cosmic | Released (53.0.2785.143-0ubuntu1.1307) |
chromium-browser | disco | Released (53.0.2785.143-0ubuntu1.1307) |
chromium-browser | eoan | Released (53.0.2785.143-0ubuntu1.1307) |
chromium-browser | precise | Ignored |
chromium-browser | trusty | Released (53.0.2785.143-0ubuntu0.14.04.1.1142) |
chromium-browser | upstream | Released (53.0.2785.92) |
chromium-browser | xenial | Released (53.0.2785.143-0ubuntu0.16.04.1.1254) |
chromium-browser | yakkety | Released (53.0.2785.143-0ubuntu1.1307) |
chromium-browser | zesty | Released (53.0.2785.143-0ubuntu1.1307) |
openjpeg | artful | Does not exist |
openjpeg | bionic | Does not exist |
openjpeg | cosmic | Does not exist |
openjpeg | disco | Does not exist |
openjpeg | eoan | Does not exist |
openjpeg | precise | Ignored (end of life) |
openjpeg | trusty | Not vulnerable (code not present) |
openjpeg | upstream | Needs triage |
openjpeg | xenial | Not vulnerable (code not present) |
openjpeg | yakkety | Ignored (end of life) |
openjpeg | zesty | Does not exist |
openjpeg2 | artful | Ignored (end of life) |
openjpeg2 | bionic | Not vulnerable (2.2.0-1) |
openjpeg2 | cosmic | Not vulnerable (2.2.0-1) |
openjpeg2 | disco | Not vulnerable (2.2.0-1) |
openjpeg2 | eoan | Not vulnerable (2.2.0-1) |
openjpeg2 | precise | Does not exist |
openjpeg2 | trusty | Does not exist |
openjpeg2 | upstream | Released (2.2.0) |
openjpeg2 | xenial | Released (2.1.2-1.1+deb9u2build0.1) |
openjpeg2 | yakkety | Ignored (end of life) |
openjpeg2 | zesty | Ignored (end of life) |
oxide-qt | artful | Not vulnerable |
oxide-qt | bionic | Does not exist |
oxide-qt | cosmic | Does not exist |
oxide-qt | disco | Does not exist |
oxide-qt | eoan | Does not exist |
oxide-qt | precise | Does not exist |
oxide-qt | trusty | Does not exist (trusty was not-affected) |
oxide-qt | upstream | Not vulnerable |
oxide-qt | xenial | Not vulnerable |
oxide-qt | yakkety | Not vulnerable |
oxide-qt | zesty | Not vulnerable |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 8.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |