PT-2016-1088 · Oracle+5 · Jrockit+8
Published: 2016-01-19 · Updated: 2024-06-15
CVE-2016-0475
CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Java SE versions 8u66
Java SE Embedded versions 8u65
JRockit versions R28.3.8
libpng (affected versions not specified)
Description
The issue is related to unspecified vulnerabilities in the Java SE, Java SE Embedded, and JRockit components, allowing remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. It is also associated with errors in the code of the Libraries subcomponent, which can be exploited by a remote attacker to read, modify, add, or delete data using network packets through Java Web Start or a Java applet. Additionally, there is a buffer overflow vulnerability in libpng, caused by a read underflow in png_check_keyword, which can be exploited by sending an overly long argument, potentially allowing a remote attacker to execute arbitrary code or cause the application to crash.
Recommendations
For Java SE version 8u66, update to a version that includes the fix for this issue.
For Java SE Embedded version 8u65, update to a version that includes the fix for this issue.
For JRockit version R28.3.8, update to a version that includes the fix for this issue.
For libpng, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Centos
Ibm Aix
Jrockit
Java Platform
Java Se
Java Se Embedded
Red Hat
Suse
Libpng