PT-2016-1091 · Oracle+6 · Java SE Embedded+8
Published: 2016-01-19 · Updated: 2024-06-15
CVE-2016-0494
CVSS v2.0: 10 (High)
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Java SE versions 6u105, 7u91, and 8u66
Java SE Embedded version 8u65
libpng (affected versions not specified)
Description
The issue is related to errors in the code of the Java Platform's 2D subcomponent. Exploitation of this issue may allow a remote attacker to execute arbitrary code using network packets via Java Web Start or a Java applet. The vulnerability affects the confidentiality, integrity, and availability of the system via unknown vectors related to 2D. Additionally, libpng is vulnerable to a buffer overflow caused by a read underflow in png_check_keyword, which could allow a remote attacker to execute arbitrary code or cause the application to crash by sending an overly long argument.
Recommendations
For Java SE versions 6u105, 7u91, and 8u66, update to a version that contains the fix for this issue.
For Java SE Embedded version 8u65, update to a version that contains the fix for this issue.
For libpng, as a temporary workaround, consider restricting the use of libpng until a patch is available.
Avoid using libpng to process untrusted images until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for libpng.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
CentOS
IBM AIX
Java Platform
Java SE
Java SE Embedded
Red Hat
SUSE
Ubuntu
libpng