High severity8.8NVD Advisory· Published Sep 11, 2016· Updated May 6, 2026

CVE-2016-5157

Description

Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.htmlnvd
lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.htmlnvd
lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.htmlnvd
lists.opensuse.org/opensuse-updates/2016-09/msg00073.htmlnvd
rhn.redhat.com/errata/RHSA-2016-1854.htmlnvd
www.debian.org/security/2016/dsa-3660nvd
www.debian.org/security/2017/dsa-4013nvd
www.openwall.com/lists/oss-security/2016/09/08/5nvd
www.securityfocus.com/bid/92717nvd
www.securitytracker.com/id/1036729nvd
bugzilla.redhat.com/show_bug.cginvd
crbug.com/632622nvd
github.com/uclouvain/openjpeg/commit/e078172b1c3f98d2219c37076b238fb759c751eanvd
googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.htmlnvd
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2T6IQAMS4W65MGP7UW5FPE22PXELTK5D/nvd
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/66BWMMMWXH32J5AOGLAJGZA3GH5LZHXH/nvd
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQ2IIIQSJ3J4MONBOGCG6XHLKKJX2HKM/nvd
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4IRSGYMBSHCBZP23CUDIRJ3LBKH6ZJ7/nvd
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYLOX7PZS3ZUHQ6RGI3M6H27B7I5ZZ26/nvd
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGKSEWWWED77Q5ZHK4OA2EKSJXLRU3MK/nvd
pdfium.googlesource.com/pdfium/+/b6befb2ed2485a3805cddea86dc7574510178ea9nvd
security.gentoo.org/glsa/201610-09nvd

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.005
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000