CVE-2016-5139, CVE-2016-5152, CVE-2016-5158, CVE-2016-5159

[Gogil]

Google fixed this code with:

CVE-2016-5139
Prevent integer overflows during calculation of |l_nb_precinct_size|
https://pdfium.googlesource.com/pdfium.git/+/2f6d1480a1be2b1f82c94219c2d99e67d7e0660d

CVE-2016-5152
Fix an integer overflow in opj_tcd_get_decoded_tile_size()
https://pdfium.googlesource.com/pdfium.git/+/d8cc503575463ff3d81b22dad292665f2c88911e

CVE-2016-5158
Prevent overflows when using opj_aligned_malloc()
https://pdfium.googlesource.com/pdfium.git/+/b20ab6c7acb3be1393461eb650ca8fa4660c937e

CVE-2016-5159
Prevent integer overflows during calculation of |l_nb_code_blocks_size|
https://pdfium.googlesource.com/pdfium.git/+/ff74356915d4c7f7c6eb16de1e9f403da4ecb6d5

[Gogil]

CVE-2016-5158 is fixed: 9a07ccb

[nluedtke]

CVE-2016-5139 looks to be fixed with ea320da and issue #819

[nluedtke]

Gogil I think you mean CVE-2016-5159 is fixed with 9a07ccb and #841. Thats the one that deals with obj_aligned_malloc().

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5159

[Gogil]

That's right.

[nluedtke]

For CVE-2016-5152 the vulnerable code does appear to be present in tcd.c.
For CVE-2016-5158 also appears to be in tcd.c, which leaves me to believe this are both open still.

[rouault]

I believe all the checks of CVE-2016-5158 / https://pdfium.googlesource.com/pdfium.git/+/b20ab6c7acb3be1393461eb650ca8fa4660c937e/third_party/libopenjpeg20/0020-opj_aligned_malloc.patch are now in master

[rouault]

It seems all above mentionned issues are now fixed. Closing. Re-open if we missed something