CVE-2016-1626
Google Chrome Pdfium JPEG2000 Out-Of-Bounds Read Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, miscalculates a certain layer index value, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.
La función opj_pi_update_decode_poc en pi.c en OpenJPEG, como se utiliza en PDFium en Google Chrome en versiones anteriores a 48.0.2564.109, no calcula correctamente un determinado valor de índice de capa, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) a través de un documento PDF manipulado.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of JPEG2000 images. A specially crafted JPEG2000 image embedded inside a PDF can force Google Chrome to read memory past the end of an allocated object. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-01-12 CVE Reserved
- 2016-02-14 CVE Published
- 2024-08-05 CVE Updated
- 2024-10-21 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (14)
URL | Tag | Source |
---|---|---|
http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html | X_refsource_confirm | |
http://www.securityfocus.com/bid/83125 | Vdb Entry | |
http://www.securitytracker.com/id/1035183 | Vdb Entry | |
http://www.zerodayinitiative.com/advisories/ZDI-16-171 | X_refsource_misc | |
https://code.google.com/p/chromium/issues/detail?id=571480 | X_refsource_confirm | |
https://codereview.chromium.org/1583233008 | X_refsource_confirm |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-updates/2016-02/msg00104.html | 2023-11-07 | |
http://lists.opensuse.org/opensuse-updates/2016-02/msg00119.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2016-0241.html | 2023-11-07 | |
http://www.debian.org/security/2016/dsa-3486 | 2023-11-07 | |
https://security.gentoo.org/glsa/201603-09 | 2023-11-07 | |
https://security.gentoo.org/glsa/201710-26 | 2023-11-07 | |
https://access.redhat.com/security/cve/CVE-2016-1626 | 2016-02-17 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1306156 | 2016-02-17 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 48.0.2564.103 Search vendor "Google" for product "Chrome" and version "48.0.2564.103" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 13.1 Search vendor "Opensuse" for product "Opensuse" and version "13.1" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
|