CVE-2016-5157

Name of the Vulnerable Software and Affected Versions OpenJPEG versions prior to 53.0.2785.89 Google Chrome versions prior to 53.0.2785.89 on Windows and OS X Google Chrome versions prior to 53.0.2785.92 on Linux Opera (affected versions not specified)

Description The issue is related to a heap-based buffer overflow in the opj dwt interleave v function in dwt.c in OpenJPEG. This function is used in PDFium in Google Chrome and Opera. The overflow can be triggered by remote attackers via crafted coordinate values in JPEG 2000 data, allowing them to execute arbitrary code.

Recommendations For Google Chrome on Windows and OS X, update to version 53.0.2785.89 or later. For Google Chrome on Linux, update to version 53.0.2785.92 or later. For OpenJPEG, consider disabling the opj dwt interleave v function in dwt.c until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability in Opera.