CVE-2016-5159
Publication date 11 September 2016
Last updated 25 August 2025
Ubuntu priority
Description
Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data that is mishandled during opj_aligned_malloc calls in dwt.c and t1.c.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| openjpeg2 | ||
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Fixed 2.1.2-1.1+deb9u2build0.1
|
|
| 14.04 LTS trusty | Not in release | |
| oxide-qt | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty | Not in release | |
| chromium-browser | ||
| 18.04 LTS bionic |
Fixed 53.0.2785.143-0ubuntu1.1307
|
|
| 16.04 LTS xenial |
Fixed 53.0.2785.143-0ubuntu0.16.04.1.1254
|
|
| 14.04 LTS trusty |
Fixed 53.0.2785.143-0ubuntu0.14.04.1.1142
|
|
| openjpeg | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Not affected
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
8.8 · High
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |