PT-2018-2610 · Eclipse+4 · Eclipse Openj9+4
Dan Heidinga · Published 2018-04-16 · Updated 2019-05-16 · CVE-2018-12547
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Eclipse OpenJ9 versions prior to 0.12.0
libjpeg (affected versions not specified)
Description
The issue is a buffer overflow in the jio_snprintf() and jio_vsnprintf() functions of Eclipse OpenJ9, which can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information. In Eclipse OpenJ9, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter, so existing APIs that called these functions could write past the end of the allocated buffer. Additionally, libjpeg is vulnerable to a denial of service caused by a divide-by-zero error in the alloc_sarray function, which can be exploited by a remote attacker to crash the application by persuading a victim to open a specially crafted file.
Recommendations
For Eclipse OpenJ9 versions prior to 0.12.0, update to version 0.12.0 or later to resolve the issue.
For libjpeg, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
Buffer Overflow
RCE
Affected Products
CentOS
Eclipse OpenJ9
IBM AIX
Red Hat
libjpeg