{"id":"CVE-2016-5157","details":"Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data.","modified":"2026-04-01T23:48:23.403869Z","published":"2016-09-11T10:59:13.147Z","related":["MGASA-2016-0309","MGASA-2016-0362","SUSE-SU-2016:2250-1","SUSE-SU-2016:2251-1","openSUSE-SU-2016:2250-1","openSUSE-SU-2024:10171-1","openSUSE-SU-2024:12948-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2T6IQAMS4W65MGP7UW5FPE22PXELTK5D/"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2016/09/08/5"},{"type":"WEB","url":"http://www.securityfocus.com/bid/92717"},{"type":"WEB","url":"http://www.securitytracker.com/id/1036729"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQ2IIIQSJ3J4MONBOGCG6XHLKKJX2HKM/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4IRSGYMBSHCBZP23CUDIRJ3LBKH6ZJ7/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGKSEWWWED77Q5ZHK4OA2EKSJXLRU3MK/"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/66BWMMMWXH32J5AOGLAJGZA3GH5LZHXH/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYLOX7PZS3ZUHQ6RGI3M6H27B7I5ZZ26/"},{"type":"WEB","url":"https://pdfium.googlesource.com/pdfium/+/b6befb2ed2485a3805cddea86dc7574510178ea9"},{"type":"WEB","url":"https://crbug.com/632622"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-1854.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3660"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-4013"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201610-09"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1374337"},{"type":"FIX","url":"https://github.com/uclouvain/openjpeg/commit/e078172b1c3f98d2219c37076b238fb759c751ea"},{"type":"ARTICLE","url":"https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/uclouvain/openjpeg","events":[{"introduced":"0"},{"fixed":"e078172b1c3f98d2219c37076b238fb759c751ea"}]},{"type":"GIT","repo":"https://github.com/uclouvain/openjpeg","events":[{"introduced":"0"},{"fixed":"e078172b1c3f98d2219c37076b238fb759c751ea"}]}],"versions":["arelease","opj0-97","start","v2.1.1","v2.1.2","version.1.1","version.1.2","version.1.3","version.1.4","version.1.5","version.1.5.1","version.1.5.2","version.2.0","version.2.0.1","version.2.1","wg1n6848"],"database_specific":{"vanir_signatures":[{"source":"https://github.com/uclouvain/openjpeg/commit/e078172b1c3f98d2219c37076b238fb759c751ea","signature_version":"v1","id":"CVE-2016-5157-09200673","digest":{"line_hashes":["276724014578074634273775962448736193537","166068383440004646407768019736768417242","315387392196939230406305860034055642031","140822074934480029344632455361319542812","206215261171716965538206663547136303240","207920034020602875151821625173620222322","112707378956024004694613174468034117521"],"threshold":0.9},"deprecated":false,"signature_type":"Line","target":{"file":"src/lib/openjp2/tcd.c"}},{"source":"https://github.com/uclouvain/openjpeg/commit/e078172b1c3f98d2219c37076b238fb759c751ea","signature_version":"v1","id":"CVE-2016-5157-41c3c44e","digest":{"length":1556,"function_hash":"142147519116981527159461479809514836522"},"deprecated":false,"signature_type":"Function","target":{"function":"main","file":"tests/compare_dump_files.c"}},{"source":"https://github.com/uclouvain/openjpeg/commit/e078172b1c3f98d2219c37076b238fb759c751ea","signature_version":"v1","id":"CVE-2016-5157-4a9ef596","digest":{"length":9796,"function_hash":"75013586111695730176633193598590274453"},"deprecated":false,"signature_type":"Function","target":{"function":"opj_tcd_init_tile","file":"src/lib/openjp2/tcd.c"}},{"source":"https://github.com/uclouvain/openjpeg/commit/e078172b1c3f98d2219c37076b238fb759c751ea","signature_version":"v1","id":"CVE-2016-5157-cf0237c9","digest":{"line_hashes":["2590993907274255889834666590770095576","182202613112989334956703903084291334696","328580875509912772164284116826287927666","181381530163467876461874731371365544870","288311546062569806811008752920810987485","273817608176990925987014888204848909699","73266955951068314247921306075527226112","248914966577463477236703256571078035887","169603000558501573011231408806456490189","87065811644811952131170974641258562146","267563243047537990873072274626471257729","336283484677638099133261170653540979873","160259166157298641622518380502383700986"],"threshold":0.9},"deprecated":false,"signature_type":"Line","target":{"file":"tests/compare_dump_files.c"}}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"42.1"}]},{"events":[{"introduced":"0"},{"last_affected":"52.0.2743.116"}]},{"events":[{"introduced":"0"},{"last_affected":"23"}]},{"events":[{"introduced":"0"},{"last_affected":"24"}]},{"events":[{"introduced":"0"},{"last_affected":"25"}]},{"events":[{"introduced":"0"},{"fixed":"53.0.2785.89"}]},{"events":[{"introduced":"0"},{"fixed":"53.0.2785.92"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-5157.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}