High severity8.8NVD Advisory· Published Sep 11, 2016· Updated May 6, 2026
CVE-2016-5158
CVE-2016-5158
Description
Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
14- lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.htmlnvd
- lists.opensuse.org/opensuse-updates/2016-09/msg00073.htmlnvd
- rhn.redhat.com/errata/RHSA-2016-1854.htmlnvd
- rhn.redhat.com/errata/RHSA-2017-0559.htmlnvd
- rhn.redhat.com/errata/RHSA-2017-0838.htmlnvd
- www.debian.org/security/2016/dsa-3660nvd
- www.securityfocus.com/bid/92717nvd
- www.securitytracker.com/id/1036729nvd
- crbug.com/628890nvd
- googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.htmlnvd
- pdfium.googlesource.com/pdfium.git/+/ff74356915d4c7f7c6eb16de1e9f403da4ecb6d5nvd
- security.gentoo.org/glsa/201610-09nvd
News mentions
0No linked articles in our index yet.