vendor:
Java Runtime Environment
by:
7.5
CVSS
HIGH
Heap Corruption
CWE
Product Name: Java Runtime Environment
Affected Version From: 8u202
Affected Version To: 8u202
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Windows, Linux
Heap Corruption in Oracle Java Runtime Environment
A heap corruption was observed in Oracle Java Runtime Environment version 8u202 (latest at the time of this writing) while fuzz-testing the processing of TrueType, implemented in a proprietary t2k library. It manifests itself in the form of a crash when running the command 'bin/java -cp . DisplaySfntFont test.ttf'. The crash can also be triggered under Valgrind on Linux platforms.