pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, does not validate a certain precision value, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a crafted JPEG 2000 image in a PDF document, related to the opj_pi_next_rpcl, opj_pi_next_pcrl, and opj_pi_next_cprl functions.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Chrome
Published: 2016-02-21T02:00:00
Updated: 2024-08-05T23:02:12.389Z
Reserved: 2016-01-12T00:00:00
Link: CVE-2016-1628
Vulnrichment
No data.
NVD
Status : Modified
Published: 2016-02-21T05:59:00.123
Modified: 2023-11-07T02:30:11.987
Link: CVE-2016-1628
Redhat