Dan Heidinga

Name of the Vulnerable Software and Affected Versions: Eclipse OpenJ9 versions prior to 0.14.0 Oracle Java SE (affected versions not specified) Description: The issue involves incorrect handling in the Java bytecode verifier, allowing a method to execute past the end of the bytecode array, which can cause crashes. Additionally, there is an unspecified vulnerability related to the Java SE 2D component that could allow an unauthenticated attacker to take control of the system. Recommendations: For Eclipse OpenJ9 versions prior to 0.14.0, update to version 0.14.0 or later to resolve the issue. For Oracle Java SE, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Eclipse OpenJ9 versions prior to 0.12.0 libjpeg (affected versions not specified) **Description** The issue is related to buffer overflow in the jio snprintf and jio vsnprintf functions of Eclipse OpenJ9, which can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information. In Eclipse OpenJ9, the jio snprintf() and jio vsnprintf() native methods ignored the length parameter, affecting existing APIs that called these functions to exceed the allocated buffer. Additionally, libjpeg is vulnerable to a denial of service caused by a divide-by-zero error in the alloc sarray function, which can be exploited by a remote attacker to cause the application to crash by persuading a victim to open a specially-crafted file. **Recommendations** For Eclipse OpenJ9 versions prior to 0.12.0, update to version 0.12.0 or later to resolve the issue. For libjpeg, at the moment, there is no information about a newer version that contains a fix for this vulnerability.