Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2016-1686

The CPDF_DIBSource::CreateDecoder function in core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, mishandles decoder-initialization failure, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://googlechromerel...
CONFIRM: https://codereview.chr...
CONFIRM: https://crbug.com/603518
DEBIAN: DSA-3590
REDHAT: RHSA-2016:1190
SUSE: openSUSE-SU-2016:1430
SUSE: openSUSE-SU-2016:1433
SUSE: openSUSE-SU-2016:1496
SECTRACK: 1035981
BID: 90876
GENTOO: GLSA-201607-07

Launchpad.net

CVE 2016-1686

Related bugs

References