
Vij Singh

#23812 of 53,634
10 CVSS total
Vulnerabilities · 1
PT-2018-2609
10
2018-04-16
Eclipse · Eclipse OpenJ9 · CVE-2018-12549

**Name of the Vulnerable Software and Affected Versions** Eclipse OpenJ9 version 0.11.0; libjpeg (affected versions not specified)

**Description** The issue is related to insufficient input validation in the OpenJ9 JIT compiler component of the Eclipse OpenJ9 virtual machine. This can be exploited by a remote attacker to execute arbitrary code. Additionally, there is a problem with the OpenJ9 JIT compiler incorrectly omitting a null check on the receiver object of an Unsafe call when accelerating it. Furthermore, libjpeg is vulnerable to a denial of service caused by a divide-by-zero error in the alloc_sarray function in jmemmgr.c, which can be exploited by a remote attacker to cause the application to crash by persuading a victim to open a specially-crafted file.

**Recommendations** For Eclipse OpenJ9 version 0.11.0, consider disabling the JIT compiler as a temporary workaround until a patch is available. For libjpeg, avoid using the alloc_sarray function in jmemmgr.c until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.