PT-2016-1089 · Oracle+6 · Jrockit+9
Published: 2016-01-19 · Updated: 2024-06-15 · CVE-2016-0483
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Oracle Java SE versions 6u105, 7u91, and 8u66
Java SE Embedded version 8u65
JRockit version R28.3.8
Description
The issue is related to errors in the code of the AWT subcomponent of JRockit and Java Platform. Exploitation of this issue may allow a remote attacker to execute arbitrary code via network packets. The vulnerability is reportedly a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data. This can affect the confidentiality, integrity, and availability of the system.
Recommendations
For Oracle Java SE versions 6u105, 7u91, and 8u66, update to a version that is not affected by this issue.
For Java SE Embedded version 8u65, update to a version that is not affected by this issue.
For JRockit version R28.3.8, update to a version that is not affected by this issue.
As a temporary workaround, consider disabling the readImage function until a patch is available.
Restrict access to vectors related to AWT to minimize the risk of exploitation.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
CentOS
IBM AIX
JRockit
Java Platform
Java SE
Java SE Embedded
Jira
Red Hat
SUSE
Ubuntu