Out-of-Bounds Affecting openjpeg2 package, versions <2.1.2-1
- Snyk ID SNYK-DEBIAN11-OPENJPEG2-517058
- published 11 Sep 2016
- disclosed 11 Sep 2016
Introduced: 11 Sep 2016
CVE-2016-5157
How to fix?
Upgrade Debian:11 openjpeg2 to version 2.1.2-1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream openjpeg2 package and not the openjpeg2 package as distributed by Debian. See How to fix? for Debian:11 relevant fixed versions and status.
Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data.