Critical severity9.8NVD Advisory· Published Aug 7, 2016· Updated May 6, 2026

CVE-2016-5140

Description

Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JPEG 2000 data.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.htmlnvd
lists.opensuse.org/opensuse-security-announce/2016-08/msg00005.htmlnvd
lists.opensuse.org/opensuse-security-announce/2016-08/msg00006.htmlnvd
rhn.redhat.com/errata/RHSA-2016-1580.htmlnvd
www.debian.org/security/2016/dsa-3645nvd
www.securityfocus.com/bid/92276nvd
www.securitytracker.com/id/1036547nvd
codereview.chromium.org/2071773002nvd
crbug.com/619405nvd
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KMX62M7UNRLWO4FEQ6YIMPMTKXXJV6A/nvd
security.gentoo.org/glsa/201610-09nvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000