{"alias":[],"description":"Multiple integer signedness errors in the opj_j2k_update_image_data function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 49.0.2623.87, allow remote attackers to cause a denial of service (incorrect cast and out-of-bounds write) or possibly have unspecified other impact via crafted JPEG 2000 data.","epss":{"percentile":"0.84507","score":"0.021890"},"id":"CVE-2016-1645","metrics":{"cvss2":{"ac_insuf_info":0,"access_complexity":"MEDIUM","access_vector":"NETWORK","authentication":"NONE","availability_impact":"COMPLETE","base_score":9.3,"base_severity":"HIGH","confidentiality_impact":"COMPLETE","exploitability_score":8.6,"impact_score":10.0,"integrity_impact":"COMPLETE","obtain_all_privilege":0,"obtain_other_privilege":0,"obtain_user_privilege":0,"user_interaction_required":1,"vector_string":"AV:N\/AC:M\/Au:N\/C:C\/I:C\/A:C","version":"2.0"},"cvss3":{"attack_complexity":"LOW","attack_vector":"NETWORK","availability_impact":"HIGH","base_score":8.8,"base_severity":"HIGH","confidentiality_impact":"HIGH","exploitability_score":2.8,"impact_score":5.9,"integrity_impact":"HIGH","privileges_required":"NONE","scope":"UNCHANGED","user_interaction":"REQUIRED","vector_string":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:H\/I:H\/A:H","version":"3.1"}},"modified":"2026-05-06T22:30:45","nvd_status":"Modified","published":"2016-03-13T22:59:05","score":8.8,"severity":"HIGH","source":"chrome-cve-admin@google.com","status":"PUBLISHED","weaknesses":[{"id":"CWE-119","name":"Improper Restriction of Operations within the Bounds of a Memory Buffer","type":"weakness"}]}