Lucene search

[email protected]CVE-2016-5157

HistorySep 11, 2016 - 10:59 a.m.

CVE-2016-5157

2016-09-1110:59:00

CWE-119

[email protected]

web.nvd.nist.gov

168

cve-2016-5157

heap-based buffer overflow

openjpeg

pdfium

google chrome

jpeg 2000

nvd

security vulnerability

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.034 Low

EPSS

Percentile

91.4%

JSON

Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data.

CPENameOperatorVersion
opensuse:leapopensuse leapeq42.1
google:chromegoogle chromele52.0.2743.116
fedoraproject:fedorafedoraproject fedoraeq25
fedoraproject:fedorafedoraproject fedoraeq24
fedoraproject:fedorafedoraproject fedoraeq23

CPE	Name	Operator	Version
opensuse:leap	opensuse leap	eq	42.1
google:chrome	google chrome	le	52.0.2743.116
fedoraproject:fedora	fedoraproject fedora	eq	25
fedoraproject:fedora	fedoraproject fedora	eq	24
fedoraproject:fedora	fedoraproject fedora	eq	23

References

lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html

lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html

lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html

lists.opensuse.org/opensuse-updates/2016-09/msg00073.html

rhn.redhat.com/errata/RHSA-2016-1854.html

www.debian.org/security/2016/dsa-3660

www.debian.org/security/2017/dsa-4013

www.openwall.com/lists/oss-security/2016/09/08/5

www.securityfocus.com/bid/92717

www.securitytracker.com/id/1036729

bugzilla.redhat.com/show_bug.cgi?id=1374337

crbug.com/632622

github.com/uclouvain/openjpeg/commit/e078172b1c3f98d2219c37076b238fb759c751ea

googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2T6IQAMS4W65MGP7UW5FPE22PXELTK5D/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/66BWMMMWXH32J5AOGLAJGZA3GH5LZHXH/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQ2IIIQSJ3J4MONBOGCG6XHLKKJX2HKM/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4IRSGYMBSHCBZP23CUDIRJ3LBKH6ZJ7/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYLOX7PZS3ZUHQ6RGI3M6H27B7I5ZZ26/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGKSEWWWED77Q5ZHK4OA2EKSJXLRU3MK/

pdfium.googlesource.com/pdfium/+/b6befb2ed2485a3805cddea86dc7574510178ea9

security.gentoo.org/glsa/201610-09

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.034 Low

EPSS

Percentile

91.4%

JSON

Related for CVE-2016-5157

ubuntucve1 redhatcve1 hackerone1 prion1 debiancve1 nessus19 freebsd2 mageia2 openvas12 debian3 suse3 fedora3 redhat1 archlinux1 threatpost1 osv1 chrome1 kaspersky1 gentoo1