Security News > 2016 > June > Bug in Chrome’s PDF reader allows arbitrary code execution (Help Net Security)

Bug in Chrome’s PDF reader allows arbitrary code execution (Help Net Security)
2016-06-09 17:59

Vulnerabilities in software often arise from faulty implementations of elements developed by other code writers. Take for example CVE-2016-1681, the heap-based buffer overflow vulnerability affecting PDFium, the default PDF reader that is included in the Google Chrome web browser. The vulnerability is present in OpenJPEG, the underlying jpeg2000 parsing library. “An existing assert call in the OpenJPEG library prevents the heap overflow in standalone builds, but in the build included in release versions of Chrome, … More →


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/ex17XloKlIw/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2016-06-05 CVE-2016-1681 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the opj_j2k_read_SPCod_SPCoc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.
network
low complexity
debian redhat suse opensuse google CWE-119
8.8
8.8