{"id":"CVE-2016-5157","details":"Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data.","modified":"2026-05-14T12:00:08.902782469Z","published":"2016-09-11T10:59:13.147Z","related":["SUSE-SU-2016:2250-1","SUSE-SU-2016:2251-1","openSUSE-SU-2016:2250-1","openSUSE-SU-2024:10171-1","openSUSE-SU-2024:12948-1"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"52.0.2743.116"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"23"}],"source":"CPE_FIELD","cpe":"cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"24"}],"source":"CPE_FIELD","cpe":"cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"25"}],"source":"CPE_FIELD","cpe":"cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"42.1"}],"source":"CPE_FIELD","cpe":"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*"},{"extracted_events":[{"fixed":"53.0.2785.89"},{"fixed":"53.0.2785.92"}],"source":"DESCRIPTION"}]},"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2016/09/08/5"},{"type":"WEB","url":"http://www.securityfocus.com/bid/92717"},{"type":"WEB","url":"http://www.securitytracker.com/id/1036729"},{"type":"WEB","url":"https://crbug.com/632622"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2T6IQAMS4W65MGP7UW5FPE22PXELTK5D/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/66BWMMMWXH32J5AOGLAJGZA3GH5LZHXH/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQ2IIIQSJ3J4MONBOGCG6XHLKKJX2HKM/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4IRSGYMBSHCBZP23CUDIRJ3LBKH6ZJ7/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYLOX7PZS3ZUHQ6RGI3M6H27B7I5ZZ26/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGKSEWWWED77Q5ZHK4OA2EKSJXLRU3MK/"},{"type":"WEB","url":"https://pdfium.googlesource.com/pdfium/+/b6befb2ed2485a3805cddea86dc7574510178ea9"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-1854.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3660"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-4013"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201610-09"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1374337"},{"type":"FIX","url":"https://github.com/uclouvain/openjpeg/commit/e078172b1c3f98d2219c37076b238fb759c751ea"},{"type":"ARTICLE","url":"https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/uclouvain/openjpeg","events":[{"introduced":"0"},{"fixed":"e078172b1c3f98d2219c37076b238fb759c751ea"}],"database_specific":{"source":"REFERENCES"}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-5157.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}