CVE-2016-1619

Description

Multiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_to_rgb functions in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document.

References

Link	Tags
http://www.securityfocus.com/bid/81430	vdb entry
http://rhn.redhat.com/errata/RHSA-2016-0072.html	vendor advisory
http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html
http://www.securitytracker.com/id/1034801	vdb entry
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00035.html	vendor advisory
https://codereview.chromium.org/1521473003
https://code.google.com/p/chromium/issues/detail?id=557223
https://security.gentoo.org/glsa/201603-09	vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00046.html	vendor advisory
http://www.debian.org/security/2016/dsa-3456	vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00036.html	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2016-1619?: CVE-2016-1619 has been scored as a high severity vulnerability.
How to fix CVE-2016-1619?: To fix CVE-2016-1619, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2016-1619 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2016-1619 is being actively exploited. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

Description

Category

CWE-119 – Improper Restriction of Operations within the Bounds of a Memory Buffer

References

Frequently Asked Questions