Heap-based Buffer Overflow in OpenJPEG's j2k.c Allows Remote Code Execution via Crafted PDF Document

Heap-based Buffer Overflow in OpenJPEG's j2k.c Allows Remote Code Execution via Crafted PDF Document

CVE-2016-1681 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Heap-based buffer overflow in the opj_j2k_read_SPCod_SPCoc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.

Learn more about our Cis Benchmark Audit For Google Chrome.