Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2016-1628

Опубликовано: 21 фев. 2016
Источник: debian

Описание

pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, does not validate a certain precision value, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a crafted JPEG 2000 image in a PDF document, related to the opj_pi_next_rpcl, opj_pi_next_pcrl, and opj_pi_next_cprl functions.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
openjpegremovedpackage
openjpegnot-affectedjessiepackage
openjpegnot-affectedwheezypackage
openjpeg2fixed2.1.2-1.2package
chromium-browserfixed48.0.2564.116-1package
chromium-browserend-of-lifewheezypackage
chromium-browserend-of-lifesqueezepackage

Примечания

  • openjpeg2 fixed in google by https://pdfium.googlesource.com/pdfium.git/+/76c995796f95fd4c54c5f11d2a04392f16478619%5E%21/#F2

  • https://github.com/uclouvain/openjpeg/issues/850

  • https://github.com/uclouvain/openjpeg/commit/11445eddad7e7fa5b273d1c83c91011c44e5d586

Связанные уязвимости

ubuntu логотип

CVE-2016-1628

CVSS3: 6.3
ubuntu
почти 10 лет назад

pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, does not validate a certain precision value, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a crafted JPEG 2000 image in a PDF document, related to the opj_pi_next_rpcl, opj_pi_next_pcrl, and opj_pi_next_cprl functions.

redhat логотип

CVE-2016-1628

redhat
почти 10 лет назад

pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, does not validate a certain precision value, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a crafted JPEG 2000 image in a PDF document, related to the opj_pi_next_rpcl, opj_pi_next_pcrl, and opj_pi_next_cprl functions.

nvd логотип

CVE-2016-1628

CVSS3: 6.3
nvd
почти 10 лет назад

pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, does not validate a certain precision value, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a crafted JPEG 2000 image in a PDF document, related to the opj_pi_next_rpcl, opj_pi_next_pcrl, and opj_pi_next_cprl functions.

github логотип

GHSA-84x5-p2mg-fvmp

CVSS3: 6.3
github
больше 3 лет назад

pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, does not validate a certain precision value, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a crafted JPEG 2000 image in a PDF document, related to the opj_pi_next_rpcl, opj_pi_next_pcrl, and opj_pi_next_cprl functions.

fstec логотип

BDU:2016-00529

fstec
почти 10 лет назад

Уязвимость браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код