HTTP: Google Chrome Multiple Integer Overflows

This signature detects attempts to exploit multiple integer overflow vulnerabilities in the Google Chrome. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.

Extended Description

Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.

Affected Products

Google chrome

Short Name
HTTP:STC:DL:CHROME-MUL-IOV
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2016-5139 CVE-2016-5158 CVE-2016-5159 Chrome Google Integer Multiple Overflows bid:92717
Release Date
03/30/2017
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3590
False Positive
Unknown
Vendors

Opensuse

Google

CVSS Score

6.8

Found a potential security threat?