CVE-2016-1628
Google Chrome Pdfium JPEG2000 Out-Of-Bounds Read Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, does not validate a certain precision value, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a crafted JPEG 2000 image in a PDF document, related to the opj_pi_next_rpcl, opj_pi_next_pcrl, and opj_pi_next_cprl functions.
pi.c en OpenJPEG, como se utiliza en PDFium en Google Chrome en versiones anteriores a 48.0.2564.109, no valida cierto valor precision, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (lectura fuera de rango) a través de una imagen JPEG 2000 manipulada en un documento PDF, relacionado con las funciones opj_pi_next_rpcl, opj_pi_next_pcrl y opj_pi_next_cprl.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of JPEG2000 images. A specially crafted JPEG2000 image embedded inside a PDF can force Google Chrome to read memory past the end of an allocated object. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-01-12 CVE Reserved
- 2016-02-18 CVE Published
- 2024-08-05 CVE Updated
- 2024-12-11 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-125: Out-of-bounds Read
CAPEC
References (13)
URL | Tag | Source |
---|---|---|
http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html | X_refsource_confirm | |
http://www.securityfocus.com/bid/83125 | Vdb Entry | |
http://www.securitytracker.com/id/1035183 | Vdb Entry | |
http://www.zerodayinitiative.com/advisories/ZDI-16-172 | X_refsource_misc | |
https://code.google.com/p/chromium/issues/detail?id=571479 | X_refsource_confirm | |
https://codereview.chromium.org/1590593002 | X_refsource_confirm |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2016-0241.html | 2023-11-07 | |
http://www.debian.org/security/2016/dsa-3486 | 2023-11-07 | |
http://www.debian.org/security/2017/dsa-4013 | 2023-11-07 | |
https://security.gentoo.org/glsa/201603-09 | 2023-11-07 | |
https://security.gentoo.org/glsa/201710-26 | 2023-11-07 | |
https://access.redhat.com/security/cve/CVE-2016-1628 | 2016-02-17 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1310577 | 2016-02-17 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | <= 48.0.2564.103 Search vendor "Google" for product "Chrome" and version " <= 48.0.2564.103" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
|