Candidate: CVE-2016-5158
PublicDate: 2016-09-11 10:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5158
 http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html
Description:
 Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in
 OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows
 and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause
 a denial of service (heap-based buffer overflow) or possibly have
 unspecified other impact via crafted JPEG 2000 data.
Ubuntu-Description:
Notes:
Bugs:
 https://crbug.com/628890
Priority: medium
Discovered-by: GiWan Go
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_chromium-browser:
upstream_chromium-browser: released (53.0.2785.92)
precise_chromium-browser: ignored
precise/esm_chromium-browser: DNE (precise was ignored)
trusty_chromium-browser: released (53.0.2785.143-0ubuntu0.14.04.1.1142)
trusty/esm_chromium-browser: DNE (trusty was released [53.0.2785.143-0ubuntu0.14.04.1.1142])
vivid/ubuntu-core_chromium-browser: DNE
vivid/stable-phone-overlay_chromium-browser: DNE
xenial_chromium-browser: released (53.0.2785.143-0ubuntu0.16.04.1.1254)
yakkety_chromium-browser: released (53.0.2785.143-0ubuntu1.1307)
zesty_chromium-browser: released (53.0.2785.143-0ubuntu1.1307)
artful_chromium-browser: released (53.0.2785.143-0ubuntu1.1307)
bionic_chromium-browser: released (53.0.2785.143-0ubuntu1.1307)
cosmic_chromium-browser: released (53.0.2785.143-0ubuntu1.1307)
disco_chromium-browser: released (53.0.2785.143-0ubuntu1.1307)
eoan_chromium-browser: released (53.0.2785.143-0ubuntu1.1307)
devel_chromium-browser: released (53.0.2785.143-0ubuntu1.1307)

Patches_oxide-qt:
upstream_oxide-qt: not-affected
precise_oxide-qt: DNE
precise/esm_oxide-qt: DNE
trusty_oxide-qt: not-affected
trusty/esm_oxide-qt: DNE (trusty was not-affected)
vivid/ubuntu-core_oxide-qt: DNE
vivid/stable-phone-overlay_oxide-qt: not-affected
xenial_oxide-qt: not-affected
esm-infra/xenial_oxide-qt: not-affected
yakkety_oxide-qt: not-affected
zesty_oxide-qt: not-affected
artful_oxide-qt: not-affected
bionic_oxide-qt: DNE
cosmic_oxide-qt: DNE
disco_oxide-qt: DNE
eoan_oxide-qt: DNE
devel_oxide-qt: DNE

Patches_openjpeg:
upstream_openjpeg: needs-triage
precise_openjpeg: ignored (reached end-of-life)
precise/esm_openjpeg: DNE (precise was needed)
trusty_openjpeg: ignored (out of standard support)
trusty/esm_openjpeg: not-affected (code not present)
vivid/stable-phone-overlay_openjpeg: DNE
vivid/ubuntu-core_openjpeg: DNE
xenial_openjpeg: not-affected (code not present)
yakkety_openjpeg: ignored (reached end-of-life)
zesty_openjpeg: DNE
artful_openjpeg: DNE
bionic_openjpeg: DNE
cosmic_openjpeg: DNE
disco_openjpeg: DNE
eoan_openjpeg: DNE
devel_openjpeg: DNE

Patches_openjpeg2:
upstream_openjpeg2: released (2.2.0)
precise_openjpeg2: DNE
precise/esm_openjpeg2: DNE
trusty_openjpeg2: DNE
trusty/esm_openjpeg2: DNE
vivid/stable-phone-overlay_openjpeg2: DNE
vivid/ubuntu-core_openjpeg2: DNE
xenial_openjpeg2: released (2.1.2-1.1+deb9u2build0.1)

yakkety_openjpeg2: ignored (reached end-of-life)
zesty_openjpeg2: ignored (reached end-of-life)
artful_openjpeg2: ignored (reached end-of-life)
bionic_openjpeg2: not-affected (2.2.0-1)
cosmic_openjpeg2: not-affected (2.2.0-1)
disco_openjpeg2: not-affected (2.2.0-1)
eoan_openjpeg2: not-affected (2.2.0-1)
devel_openjpeg2: not-affected (2.2.0-1)