CVE-2016-1626

Name of the Vulnerable Software and Affected Versions OpenJPEG versions prior to 48.0.2564.109 Google Chrome versions prior to 48.0.2564.109 PDFium versions prior to 48.0.2564.109 Opera versions prior to 48.0.2564.109

Description The issue is related to the opj pi update decode poc function in pi.c in OpenJPEG, which is used in PDFium in Google Chrome and Opera. This function miscalculates a certain layer index value, allowing remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document. The vulnerability can be exploited by a specially crafted PDF document, leading to a denial of service.

Recommendations For Google Chrome versions prior to 48.0.2564.109, update to version 48.0.2564.109 or later. For Opera versions prior to 48.0.2564.109, update to a version that includes the fix for this issue. As a temporary workaround, consider disabling the opj pi update decode poc function in pi.c until a patch is available. Restrict access to PDF documents from untrusted sources to minimize the risk of exploitation.