PT-2016-1802 · Oracle+3 · Java Se+4

Bo13Oy

Publicado

2016-04-21

Atualizado

2022-05-13

CVE-2016-3443

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 6u113, 7u99, and 8u77

Description The issue affects confidentiality, integrity, and availability via vectors related to 2D. It is reported that this issue may allow remote attackers to obtain sensitive information via crafted font data, which triggers an out-of-bounds read. The vulnerability is related to errors in the code and can be exploited by a remote attacker to influence the integrity, availability, and confidentiality of information.

Recommendations For Oracle Java SE version 6u113, update to a version that includes the fix for this issue. For Oracle Java SE version 7u99, update to a version that includes the fix for this issue. For Oracle Java SE version 8u77, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the 2D component until a patch is available.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-17

Identificadores relacionados

BDU:2016-01135

CVE-2016-3443

RHSA-2016:0677

RHSA-2016:0678

RHSA-2016:0679

RHSA-2016:0701

RHSA-2016:0702

RHSA-2016:0708

RHSA-2016:0716

RHSA-2016:1039

RHSA-2016:1430

RHSA-2016_0677

RHSA-2016_0678

RHSA-2016_0679

RHSA-2016_0701

RHSA-2016_0708

RHSA-2016_0716

RHSA-2016_1039

RHSA-2017:1216

SUSE-SU-2016:1299-1

SUSE-SU-2016:1300-1

SUSE-SU-2016:1303-1

SUSE-SU-2016:1378-1

SUSE-SU-2016:1379-1

SUSE-SU-2016:1458-1

SUSE-SU-2016:1475-1

ZDI-16-376

Produtos afetados

Ibm Aix

Java Platform

Java Se

Red Hat

Suse

PT-2016-1802 · Oracle+3 · Java Se+4

CVE-2016-3443

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 58