NULL pointer dereference in openjdk-jre

Do your applications use this vulnerable package? Test your applications

Overview

openjdk-jre is a free and open-source implementation of the Java Platform, Standard Edition (Java SE).

Affected versions of this package are vulnerable to NULL pointer dereference via the DrawGlyphList class in the 2D component in OpenJDK. A specially crafted font file could use this flaw to cause a Java application to crash.

Remediation

Upgrade openjdk-jre to version 7.0.231, 8.0.221, 11.0.5, 13.0.1 or higher.

References

Oracle Security Advisory
RedHat Bugzilla Bug

Attack Vector

Network
Attack Complexity

High
Privileges Required

Low
User Interaction

None
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

High

Credit: Unknown
CVE: CVE-2019-2962
CWE: CWE-476
Snyk ID: SNYK-UPSTREAM-OPENJDKJRE-473431
Disclosed: 16 Oct, 2019
Published: 16 Oct, 2019

NULL pointer dereference
Affecting openjdk-jre package, versions [1.7.0, 1.7.0_231) || [1.8.0, 1.8.0_221) || [11.0.0, 11.0.5) || [13.0.0, 13.0.1)

Overview

Remediation

References

CVSS Score

NULL pointer dereference Affecting openjdk-jre package, versions [1.7.0, 1.7.0_231) || [1.8.0, 1.8.0_221) || [11.0.0, 11.0.5) || [13.0.0, 13.0.1)

Overview

Remediation

References

NULL pointer dereference
Affecting openjdk-jre package, versions [1.7.0, 1.7.0_231) || [1.8.0, 1.8.0_221) || [11.0.0, 11.0.5) || [13.0.0, 13.0.1)