CVE-2016-5152

Name of the Vulnerable Software and Affected Versions OpenJPEG versions prior to 53.0.2785.89 Google Chrome versions prior to 53.0.2785.89 on Windows and OS X Google Chrome versions prior to 53.0.2785.92 on Linux Opera versions prior to 53.0.2785.89

Description The issue is related to an integer overflow in the opj tcd get decoded tile size function in tcd.c in OpenJPEG. This can be exploited by remote attackers using crafted JPEG 2000 data, potentially leading to a denial of service (heap-based buffer overflow) or other unspecified impacts.

Recommendations For OpenJPEG, update to a version that fixes the integer overflow in the opj tcd get decoded tile size function. For Google Chrome on Windows and OS X, update to version 53.0.2785.89 or later. For Google Chrome on Linux, update to version 53.0.2785.92 or later. For Opera, update to a version that includes the fix for the integer overflow in OpenJPEG. As a temporary workaround, consider restricting the use of crafted JPEG 2000 data until a patch is available.