CVE-2016-5157
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2016-5157
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-5157.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2016-5157
- Downstream
- Related
- Published
- 2016-09-11T10:59:13Z
- Modified
- 2025-10-21T02:36:56Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Heap-based buffer overflow in the opjdwtinterleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data.
- References
-
- http://rhn.redhat.com/errata/RHSA-2016-1854.html
- http://www.debian.org/security/2016/dsa-3660
- http://www.debian.org/security/2017/dsa-4013
- https://security.gentoo.org/glsa/201610-09
- https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html
- https://github.com/uclouvain/openjpeg/commit/e078172b1c3f98d2219c37076b238fb759c751ea
- https://bugzilla.redhat.com/show_bug.cgi?id=1374337
- http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html
- http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html
- http://www.openwall.com/lists/oss-security/2016/09/08/5
- http://www.securityfocus.com/bid/92717
- http://www.securitytracker.com/id/1036729
- https://crbug.com/632622
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2T6IQAMS4W65MGP7UW5FPE22PXELTK5D/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/66BWMMMWXH32J5AOGLAJGZA3GH5LZHXH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQ2IIIQSJ3J4MONBOGCG6XHLKKJX2HKM/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4IRSGYMBSHCBZP23CUDIRJ3LBKH6ZJ7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYLOX7PZS3ZUHQ6RGI3M6H27B7I5ZZ26/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGKSEWWWED77Q5ZHK4OA2EKSJXLRU3MK/
- https://pdfium.googlesource.com/pdfium/+/b6befb2ed2485a3805cddea86dc7574510178ea9
Affected packages
Git / github.com/uclouvain/openjpeg
Affected ranges
- Type
- GIT
- Repo
- https://github.com/uclouvain/openjpeg
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Database specific
vanir_signatures
[
{
"id": "CVE-2016-5157-09200673",
"digest": {
"line_hashes": [
"276724014578074634273775962448736193537",
"166068383440004646407768019736768417242",
"315387392196939230406305860034055642031",
"140822074934480029344632455361319542812",
"206215261171716965538206663547136303240",
"207920034020602875151821625173620222322",
"112707378956024004694613174468034117521"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "src/lib/openjp2/tcd.c"
},
"source": "https://github.com/uclouvain/openjpeg/commit/e078172b1c3f98d2219c37076b238fb759c751ea",
"signature_version": "v1"
},
{
"id": "CVE-2016-5157-41c3c44e",
"digest": {
"function_hash": "142147519116981527159461479809514836522",
"length": 1556.0
},
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "main",
"file": "tests/compare_dump_files.c"
},
"source": "https://github.com/uclouvain/openjpeg/commit/e078172b1c3f98d2219c37076b238fb759c751ea",
"signature_version": "v1"
},
{
"id": "CVE-2016-5157-4a9ef596",
"digest": {
"function_hash": "75013586111695730176633193598590274453",
"length": 9796.0
},
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "opj_tcd_init_tile",
"file": "src/lib/openjp2/tcd.c"
},
"source": "https://github.com/uclouvain/openjpeg/commit/e078172b1c3f98d2219c37076b238fb759c751ea",
"signature_version": "v1"
},
{
"id": "CVE-2016-5157-cf0237c9",
"digest": {
"line_hashes": [
"2590993907274255889834666590770095576",
"182202613112989334956703903084291334696",
"328580875509912772164284116826287927666",
"181381530163467876461874731371365544870",
"288311546062569806811008752920810987485",
"273817608176990925987014888204848909699",
"73266955951068314247921306075527226112",
"248914966577463477236703256571078035887",
"169603000558501573011231408806456490189",
"87065811644811952131170974641258562146",
"267563243047537990873072274626471257729",
"336283484677638099133261170653540979873",
"160259166157298641622518380502383700986"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "tests/compare_dump_files.c"
},
"source": "https://github.com/uclouvain/openjpeg/commit/e078172b1c3f98d2219c37076b238fb759c751ea",
"signature_version": "v1"
}
]