Main Vulnerability Database Vulnerabilities #VU40474

Buffer overflow in Debian Linux - CVE-2016-1628

Published: February 21, 2016 / Updated: August 9, 2020

Vulnerability identifier: #VU40474

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2016-1628

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Debian

Affected software:
Debian Linux

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, does not validate a certain precision value, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a crafted JPEG 2000 image in a PDF document, related to the opj_pi_next_rpcl, opj_pi_next_pcrl, and opj_pi_next_cprl functions.

How to mitigate CVE-2016-1628

Install update from vendor's website.

Buffer overflow in Debian Linux - CVE-2016-1628

Detailed vulnerability description

How to mitigate CVE-2016-1628

Sources

Please verify you're human