pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, does not validate a certain precision value, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a crafted JPEG 2000 image in a PDF document, related to the opjpinextrpcl, opjpinextpcrl, and opjpinext_cprl functions.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "chromium-chromedriver": "48.0.2564.116-0ubuntu0.14.04.1.1111", "chromium-browser-dbg": "48.0.2564.116-0ubuntu0.14.04.1.1111", "chromium-codecs-ffmpeg-dbg": "48.0.2564.116-0ubuntu0.14.04.1.1111", "chromium-browser-dbgsym": "48.0.2564.116-0ubuntu0.14.04.1.1111", "chromium-codecs-ffmpeg-extra-dbgsym": "48.0.2564.116-0ubuntu0.14.04.1.1111", "chromium-codecs-ffmpeg": "48.0.2564.116-0ubuntu0.14.04.1.1111", "chromium-chromedriver-dbgsym": "48.0.2564.116-0ubuntu0.14.04.1.1111", "chromium-browser": "48.0.2564.116-0ubuntu0.14.04.1.1111", "chromium-codecs-ffmpeg-extra-dbg": "48.0.2564.116-0ubuntu0.14.04.1.1111", "chromium-codecs-ffmpeg-dbgsym": "48.0.2564.116-0ubuntu0.14.04.1.1111", "chromium-browser-l10n": "48.0.2564.116-0ubuntu0.14.04.1.1111", "chromium-chromedriver-dbg": "48.0.2564.116-0ubuntu0.14.04.1.1111", "chromium-codecs-ffmpeg-extra": "48.0.2564.116-0ubuntu0.14.04.1.1111" } ] }