Vulnerability Details: CVE-2016-1645
Multiple integer signedness errors in the opj_j2k_update_image_data function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 49.0.2623.87, allow remote attackers to cause a denial of service (incorrect cast and out-of-bounds write) or possibly have unspecified other impact via crafted JPEG 2000 data.
Vulnerability category: Overflow, Denial of service
Products affected by CVE-2016-1645
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-1645
- EPSS score: 16.48% (probability of exploitation activity in the next 30 days)
- Percentile: ~96% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2016-1645
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2016-1645
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-1645
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00066.html
  [security-announce] openSUSE-SU-2016:0817-1: important: Security update (Third Party Advisory)
- http://www.securityfocus.com/bid/84224
  Google Chrome Prior to 49.0.2623.87 Multiple Security Vulnerabilities (Third Party Advisory; VDB Entry)
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00067.html
  [security-announce] openSUSE-SU-2016:0818-1: important: Security update (Third Party Advisory)
- http://www.debian.org/security/2016/dsa-3513
  Debian -- Security Information -- DSA-3513-1 chromium-browser (Third Party Advisory)
- http://www.securitytracker.com/id/1035259
  Google Chrome Flaws in Blink and PDFium Lets Remote Users Execute Arbitrary Code - SecurityTracker (Third Party Advisory; VDB Entry)
- https://pdfium.googlesource.com/pdfium/+/c145aeb2bf13ac408fc3e8233acca43d4251bbdc
  c145aeb2bf13ac408fc3e8233acca43d4251bbdc - pdfium - Git at Google (Vendor Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00073.html
  [security-announce] openSUSE-SU-2016:0828-1: important: Security update (Third Party Advisory)
- http://www.zerodayinitiative.com/advisories/ZDI-16-197/
  ZDI-16-197 | Zero Day Initiative (Third Party Advisory; VDB Entry)
- http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_8.html
  Chrome Releases: Stable Channel Update (Vendor Advisory)
- https://code.google.com/p/chromium/issues/detail?id=587227
  587227 - ZDI-CAN-3563: New Vulnerability Report - chromium - Monorail (Vendor Advisory)