CVE-2016-0483 - Vulnerability Details

Vendors	Products
Canonical	Ubuntu Linux
Oracle	Jdk Jre Jrockit
Redhat	Enterprise Linux Network Satellite Rhel Extras Rhel Extras Oracle Java

Package	CPE	Advisory	Released Date
Oracle Java for Red Hat Enterprise Linux 5
java-1.7.0-oracle-1:1.7.0.95-1jpp.1.el5_11	cpe:/a:redhat:rhel_extras_oracle_java:5	RHSA-2016:0056	2016-01-21T00:00:00Z
java-1.6.0-sun-1:1.6.0.111-1jpp.3.el5_11	cpe:/a:redhat:rhel_extras_oracle_java:5	RHSA-2016:0057	2016-01-21T00:00:00Z
Oracle Java for Red Hat Enterprise Linux 6
java-1.8.0-oracle-1:1.8.0.71-1jpp.1.el6_7	cpe:/a:redhat:rhel_extras_oracle_java:6	RHSA-2016:0055	2016-01-21T00:00:00Z
java-1.7.0-oracle-1:1.7.0.95-1jpp.1.el6_7	cpe:/a:redhat:rhel_extras_oracle_java:6	RHSA-2016:0056	2016-01-21T00:00:00Z
java-1.6.0-sun-1:1.6.0.111-1jpp.3.el6_7	cpe:/a:redhat:rhel_extras_oracle_java:6	RHSA-2016:0057	2016-01-21T00:00:00Z
Oracle Java for Red Hat Enterprise Linux 7
java-1.8.0-oracle-1:1.8.0.71-1jpp.1.el7	cpe:/a:redhat:rhel_extras_oracle_java:7	RHSA-2016:0055	2016-01-21T00:00:00Z
java-1.7.0-oracle-1:1.7.0.95-1jpp.2.el7	cpe:/a:redhat:rhel_extras_oracle_java:7	RHSA-2016:0056	2016-01-21T00:00:00Z
java-1.6.0-sun-1:1.6.0.111-1jpp.1.el7	cpe:/a:redhat:rhel_extras_oracle_java:7	RHSA-2016:0057	2016-01-21T00:00:00Z
Red Hat Enterprise Linux 5
java-1.7.0-openjdk-1:1.7.0.95-2.6.4.1.el5_11	cpe:/o:redhat:enterprise_linux:5	RHSA-2016:0054	2016-01-21T00:00:00Z
java-1.6.0-openjdk-1:1.6.0.38-1.13.10.0.el5_11	cpe:/o:redhat:enterprise_linux:5	RHSA-2016:0067	2016-01-26T00:00:00Z
Red Hat Enterprise Linux 5 Supplementary
java-1.7.0-ibm-1:1.7.0.9.30-1jpp.1.el5	cpe:/a:redhat:rhel_extras:5	RHSA-2016:0100	2016-02-02T00:00:00Z
java-1.6.0-ibm-1:1.6.0.16.20-1jpp.1.el5	cpe:/a:redhat:rhel_extras:5	RHSA-2016:0101	2016-02-02T00:00:00Z
Red Hat Enterprise Linux 6
java-1.8.0-openjdk-1:1.8.0.71-1.b15.el6_7	cpe:/o:redhat:enterprise_linux:6	RHSA-2016:0050	2016-01-20T00:00:00Z
java-1.7.0-openjdk-1:1.7.0.95-2.6.4.0.el6_7	cpe:/o:redhat:enterprise_linux:6	RHSA-2016:0053	2016-01-21T00:00:00Z
java-1.6.0-openjdk-1:1.6.0.38-1.13.10.0.el6_7	cpe:/o:redhat:enterprise_linux:6	RHSA-2016:0067	2016-01-26T00:00:00Z
Red Hat Enterprise Linux 6 Supplementary
java-1.7.1-ibm-1:1.7.1.3.30-1jpp.2.el6_7	cpe:/a:redhat:rhel_extras:6	RHSA-2016:0099	2016-02-02T00:00:00Z
java-1.6.0-ibm-1:1.6.0.16.20-1jpp.1.el6_7	cpe:/a:redhat:rhel_extras:6	RHSA-2016:0101	2016-02-02T00:00:00Z
Red Hat Enterprise Linux 7
java-1.8.0-openjdk-1:1.8.0.71-2.b15.el7_2	cpe:/o:redhat:enterprise_linux:7	RHSA-2016:0049	2016-01-20T00:00:00Z
java-1.7.0-openjdk-1:1.7.0.95-2.6.4.0.el7_2	cpe:/o:redhat:enterprise_linux:7	RHSA-2016:0054	2016-01-21T00:00:00Z
java-1.6.0-openjdk-1:1.6.0.38-1.13.10.0.el7_2	cpe:/o:redhat:enterprise_linux:7	RHSA-2016:0067	2016-01-26T00:00:00Z
Red Hat Enterprise Linux 7 Supplementary
java-1.8.0-ibm-1:1.8.0.2.10-1jpp.1.el7	cpe:/a:redhat:rhel_extras:7	RHSA-2016:0098	2016-02-02T00:00:00Z
java-1.7.1-ibm-1:1.7.1.3.30-1jpp.1.el7	cpe:/a:redhat:rhel_extras:7	RHSA-2016:0099	2016-02-02T00:00:00Z
Red Hat Satellite 5.6
java-1.7.0-ibm-1:1.7.0.9.40-1jpp.1.el5	cpe:/a:redhat:network_satellite:5.6::el5	RHSA-2016:1430	2016-07-18T00:00:00Z
java-1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el6_7	cpe:/a:redhat:network_satellite:5.6::el5	RHSA-2016:1430	2016-07-18T00:00:00Z
spacewalk-java-0:2.0.2-109.el5sat	cpe:/a:redhat:network_satellite:5.6::el5	RHSA-2016:1430	2016-07-18T00:00:00Z
Red Hat Satellite 5.7
java-1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el6_7	cpe:/a:redhat:network_satellite:5.7::el6	RHSA-2016:1430	2016-07-18T00:00:00Z
spacewalk-java-0:2.3.8-146.el6sat	cpe:/a:redhat:network_satellite:5.7::el6	RHSA-2016:1430	2016-07-18T00:00:00Z

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html
http://rhn.redhat.com/errata/RHSA-2016-0049.html
http://rhn.redhat.com/errata/RHSA-2016-0050.html
http://rhn.redhat.com/errata/RHSA-2016-0053.html
http://rhn.redhat.com/errata/RHSA-2016-0054.html
http://rhn.redhat.com/errata/RHSA-2016-0055.html
http://rhn.redhat.com/errata/RHSA-2016-0056.html
http://rhn.redhat.com/errata/RHSA-2016-0057.html
http://rhn.redhat.com/errata/RHSA-2016-0067.html
http://www.debian.org/security/2016/dsa-3458
http://www.debian.org/security/2016/dsa-3465
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixJAVA
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securitytracker.com/id/1034715
http://www.ubuntu.com/usn/USN-2884-1
http://www.ubuntu.com/usn/USN-2885-1
http://www.zerodayinitiative.com/advisories/ZDI-16-032
https://access.redhat.com/errata/RHSA-2016:1430
https://nvd.nist.gov/vuln/detail/CVE-2016-0483
https://security.gentoo.org/glsa/201603-14
https://security.gentoo.org/glsa/201610-08
https://www.cve.org/CVERecord?id=CVE-2016-0483

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-01-19T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-06-30T16:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-032"}, {"name": "openSUSE-SU-2016:0272", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html"}, {"name": "1034715", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1034715"}, {"name": "openSUSE-SU-2016:0279", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html"}, {"name": "GLSA-201610-08", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201610-08"}, {"name": "USN-2884-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2884-1"}, {"name": "DSA-3465", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3465"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"}, {"name": "USN-2885-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2885-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"}, {"name": "RHSA-2016:1430", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2016:1430"}, {"name": "RHSA-2016:0049", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0049.html"}, {"name": "openSUSE-SU-2016:0270", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html"}, {"name": "RHSA-2016:0053", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0053.html"}, {"name": "SUSE-SU-2016:0269", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html"}, {"name": "RHSA-2016:0067", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0067.html"}, {"name": "openSUSE-SU-2016:0263", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html"}, {"name": "SUSE-SU-2016:0256", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html"}, {"name": "GLSA-201603-14", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201603-14"}, {"name": "RHSA-2016:0057", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html"}, {"name": "RHSA-2016:0055", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html"}, {"name": "RHSA-2016:0054", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0054.html"}, {"name": "RHSA-2016:0056", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html"}, {"name": "openSUSE-SU-2016:0268", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html"}, {"name": "RHSA-2016:0050", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0050.html"}, {"name": "DSA-3458", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3458"}, {"name": "SUSE-SU-2016:0265", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2016-0483", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-032", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-032"}, {"name": "openSUSE-SU-2016:0272", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html"}, {"name": "1034715", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034715"}, {"name": "openSUSE-SU-2016:0279", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html"}, {"name": "GLSA-201610-08", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201610-08"}, {"name": "USN-2884-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2884-1"}, {"name": "DSA-3465", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3465"}, {"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"}, {"name": "USN-2885-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2885-1"}, {"name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"}, {"name": "RHSA-2016:1430", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2016:1430"}, {"name": "RHSA-2016:0049", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0049.html"}, {"name": "openSUSE-SU-2016:0270", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html"}, {"name": "RHSA-2016:0053", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0053.html"}, {"name": "SUSE-SU-2016:0269", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html"}, {"name": "RHSA-2016:0067", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0067.html"}, {"name": "openSUSE-SU-2016:0263", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html"}, {"name": "SUSE-SU-2016:0256", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html"}, {"name": "GLSA-201603-14", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201603-14"}, {"name": "RHSA-2016:0057", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html"}, {"name": "RHSA-2016:0055", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html"}, {"name": "RHSA-2016:0054", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0054.html"}, {"name": "RHSA-2016:0056", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html"}, {"name": "openSUSE-SU-2016:0268", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html"}, {"name": "RHSA-2016:0050", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0050.html"}, {"name": "DSA-3458", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3458"}, {"name": "SUSE-SU-2016:0265", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T22:22:54.250Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-032"}, {"name": "openSUSE-SU-2016:0272", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html"}, {"name": "1034715", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1034715"}, {"name": "openSUSE-SU-2016:0279", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html"}, {"name": "GLSA-201610-08", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201610-08"}, {"name": "USN-2884-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2884-1"}, {"name": "DSA-3465", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3465"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"}, {"name": "USN-2885-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2885-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"}, {"name": "RHSA-2016:1430", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2016:1430"}, {"name": "RHSA-2016:0049", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0049.html"}, {"name": "openSUSE-SU-2016:0270", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html"}, {"name": "RHSA-2016:0053", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0053.html"}, {"name": "SUSE-SU-2016:0269", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html"}, {"name": "RHSA-2016:0067", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0067.html"}, {"name": "openSUSE-SU-2016:0263", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html"}, {"name": "SUSE-SU-2016:0256", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html"}, {"name": "GLSA-201603-14", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201603-14"}, {"name": "RHSA-2016:0057", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html"}, {"name": "RHSA-2016:0055", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html"}, {"name": "RHSA-2016:0054", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0054.html"}, {"name": "RHSA-2016:0056", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html"}, {"name": "openSUSE-SU-2016:0268", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html"}, {"name": "RHSA-2016:0050", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0050.html"}, {"name": "DSA-3458", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3458"}, {"name": "SUSE-SU-2016:0265", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html"}]}]}, "cveMetadata": {"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2016-0483", "datePublished": "2016-01-21T02:00:00", "dateReserved": "2015-12-09T00:00:00", "dateUpdated": "2024-08-05T22:22:54.250Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2016-01-19T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-06-30T16:57:01 (string)

orgId : 43595867-4340-4103-b7a2-9a5208d29a85 (string)

shortName : oracle (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : http://www.zerodayinitiative.com/advisories/ZDI-16-032 (string)

}

1 : { »

name : openSUSE-SU-2016:0272 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html (string)

}

2 : { »

name : 1034715 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id/1034715 (string)

}

3 : { »

name : openSUSE-SU-2016:0279 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html (string)

}

4 : { »

name : GLSA-201610-08 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

]

url : https://security.gentoo.org/glsa/201610-08 (string)

}

5 : { »

name : USN-2884-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

]

url : http://www.ubuntu.com/usn/USN-2884-1 (string)

}

6 : { »

name : DSA-3465 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : http://www.debian.org/security/2016/dsa-3465 (string)

}

7 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html (string)

}

8 : { »

name : USN-2885-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

]

url : http://www.ubuntu.com/usn/USN-2885-1 (string)

}

9 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html (string)

}

10 : { »

name : RHSA-2016:1430 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : https://access.redhat.com/errata/RHSA-2016:1430 (string)

}

11 : { »

name : RHSA-2016:0049 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2016-0049.html (string)

}

12 : { »

name : openSUSE-SU-2016:0270 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html (string)

}

13 : { »

name : RHSA-2016:0053 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2016-0053.html (string)

}

14 : { »

name : SUSE-SU-2016:0269 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html (string)

}

15 : { »

name : RHSA-2016:0067 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2016-0067.html (string)

}

16 : { »

name : openSUSE-SU-2016:0263 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html (string)

}

17 : { »

name : SUSE-SU-2016:0256 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html (string)

}

18 : { »

name : GLSA-201603-14 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

]

url : https://security.gentoo.org/glsa/201603-14 (string)

}

19 : { »

name : RHSA-2016:0057 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2016-0057.html (string)

}

20 : { »

name : RHSA-2016:0055 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2016-0055.html (string)

}

21 : { »

name : RHSA-2016:0054 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2016-0054.html (string)

}

22 : { »

name : RHSA-2016:0056 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2016-0056.html (string)

}

23 : { »

name : openSUSE-SU-2016:0268 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html (string)

}

24 : { »

name : RHSA-2016:0050 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2016-0050.html (string)

}

25 : { »

name : DSA-3458 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : http://www.debian.org/security/2016/dsa-3458 (string)

}

26 : { »

name : SUSE-SU-2016:0265 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : secalert_us@oracle.com (string)

ID : CVE-2016-0483 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : http://www.zerodayinitiative.com/advisories/ZDI-16-032 (string)

refsource : MISC (string)

url : http://www.zerodayinitiative.com/advisories/ZDI-16-032 (string)

}

1 : { »

name : openSUSE-SU-2016:0272 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html (string)

}

2 : { »

name : 1034715 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id/1034715 (string)

}

3 : { »

name : openSUSE-SU-2016:0279 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html (string)

}

4 : { »

name : GLSA-201610-08 (string)

refsource : GENTOO (string)

url : https://security.gentoo.org/glsa/201610-08 (string)

}

5 : { »

name : USN-2884-1 (string)

refsource : UBUNTU (string)

url : http://www.ubuntu.com/usn/USN-2884-1 (string)

}

6 : { »

name : DSA-3465 (string)

refsource : DEBIAN (string)

url : http://www.debian.org/security/2016/dsa-3465 (string)

}

7 : { »

name : http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html (string)

refsource : CONFIRM (string)

url : http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html (string)

}

8 : { »

name : USN-2885-1 (string)

refsource : UBUNTU (string)

url : http://www.ubuntu.com/usn/USN-2885-1 (string)

}

9 : { »

name : http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html (string)

refsource : CONFIRM (string)

url : http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html (string)

}

10 : { »

name : RHSA-2016:1430 (string)

refsource : REDHAT (string)

url : https://access.redhat.com/errata/RHSA-2016:1430 (string)

}

11 : { »

name : RHSA-2016:0049 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2016-0049.html (string)

}

12 : { »

name : openSUSE-SU-2016:0270 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html (string)

}

13 : { »

name : RHSA-2016:0053 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2016-0053.html (string)

}

14 : { »

name : SUSE-SU-2016:0269 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html (string)

}

15 : { »

name : RHSA-2016:0067 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2016-0067.html (string)

}

16 : { »

name : openSUSE-SU-2016:0263 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html (string)

}

17 : { »

name : SUSE-SU-2016:0256 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html (string)

}

18 : { »

name : GLSA-201603-14 (string)

refsource : GENTOO (string)

url : https://security.gentoo.org/glsa/201603-14 (string)

}

19 : { »

name : RHSA-2016:0057 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2016-0057.html (string)

}

20 : { »

name : RHSA-2016:0055 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2016-0055.html (string)

}

21 : { »

name : RHSA-2016:0054 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2016-0054.html (string)

}

22 : { »

name : RHSA-2016:0056 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2016-0056.html (string)

}

23 : { »

name : openSUSE-SU-2016:0268 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html (string)

}

24 : { »

name : RHSA-2016:0050 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2016-0050.html (string)

}

25 : { »

name : DSA-3458 (string)

refsource : DEBIAN (string)

url : http://www.debian.org/security/2016/dsa-3458 (string)

}

26 : { »

name : SUSE-SU-2016:0265 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T22:22:54.250Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : http://www.zerodayinitiative.com/advisories/ZDI-16-032 (string)

}

1 : { »

name : openSUSE-SU-2016:0272 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html (string)

}

2 : { »

name : 1034715 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id/1034715 (string)

}

3 : { »

name : openSUSE-SU-2016:0279 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html (string)

}

4 : { »

name : GLSA-201610-08 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

2 : x_transferred (string)

]

url : https://security.gentoo.org/glsa/201610-08 (string)

}

5 : { »

name : USN-2884-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

2 : x_transferred (string)

]

url : http://www.ubuntu.com/usn/USN-2884-1 (string)

}

6 : { »

name : DSA-3465 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : http://www.debian.org/security/2016/dsa-3465 (string)

}

7 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html (string)

}

8 : { »

name : USN-2885-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

2 : x_transferred (string)

]

url : http://www.ubuntu.com/usn/USN-2885-1 (string)

}

9 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html (string)

}

10 : { »

name : RHSA-2016:1430 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : https://access.redhat.com/errata/RHSA-2016:1430 (string)

}

11 : { »

name : RHSA-2016:0049 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2016-0049.html (string)

}

12 : { »

name : openSUSE-SU-2016:0270 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html (string)

}

13 : { »

name : RHSA-2016:0053 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2016-0053.html (string)

}

14 : { »

name : SUSE-SU-2016:0269 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html (string)

}

15 : { »

name : RHSA-2016:0067 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2016-0067.html (string)

}

16 : { »

name : openSUSE-SU-2016:0263 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html (string)

}

17 : { »

name : SUSE-SU-2016:0256 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html (string)

}

18 : { »

name : GLSA-201603-14 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

2 : x_transferred (string)

]

url : https://security.gentoo.org/glsa/201603-14 (string)

}

19 : { »

name : RHSA-2016:0057 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2016-0057.html (string)

}

20 : { »

name : RHSA-2016:0055 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2016-0055.html (string)

}

21 : { »

name : RHSA-2016:0054 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2016-0054.html (string)

}

22 : { »

name : RHSA-2016:0056 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2016-0056.html (string)

}

23 : { »

name : openSUSE-SU-2016:0268 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html (string)

}

24 : { »

name : RHSA-2016:0050 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2016-0050.html (string)

}

25 : { »

name : DSA-3458 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : http://www.debian.org/security/2016/dsa-3458 (string)

}

26 : { »

name : SUSE-SU-2016:0265 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 43595867-4340-4103-b7a2-9a5208d29a85 (string)

assignerShortName : oracle (string)

cveId : CVE-2016-0483 (string)

datePublished : 2016-01-21T02:00:00 (string)

dateReserved : 2015-12-09T00:00:00 (string)

dateUpdated : 2024-08-05T22:22:54.250Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update105:*:*:*:*:*:*", "matchCriteriaId": "B0AD78A5-E3C8-4CF1-967C-7F934F9DAFE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update91:*:*:*:*:*:*", "matchCriteriaId": "4B0EF44A-833C-4B9D-824A-5E0FFFBA8340", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update66:*:*:*:*:*:*", "matchCriteriaId": "D6C77242-C6FB-4BED-BA51-E9477D64E311", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update105:*:*:*:*:*:*", "matchCriteriaId": "7CB263D7-6718-4BE2-8423-B25FD727915E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update91:*:*:*:*:*:*", "matchCriteriaId": "CB1CAC76-2414-43D0-917D-5C1E60438178", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update66:*:*:*:*:*:*", "matchCriteriaId": "1475C6EC-E2F6-4881-A89E-FB75C1AD1F20", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jrockit:r28.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "79B1FE51-77FB-465F-BCF0-7076CBF54BF6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data."}, {"lang": "es", "value": "Vulnerabilidad no especificada en Oracle Java SE 6u105, 7u91 y 8u66; Java SE Embedded 8u65; y JRockit R28.3.8 permite a atacantes remotos afectar a la confidencialidad, la integridad y la disponibilidad a trav\u00e9s de vectores relacionados con AWT. NOTA: la informaci\u00f3n anterior es de la CPU de Enero de 2016. Oracle no ha comentado sobre las reclamaciones de terceros que esto es desbordamiento de buffer basado en memoria din\u00e1mica en la funci\u00f3n readImage, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de datos de imagen manipulada."}], "evaluatorComment": "Per Oracle:  Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.", "id": "CVE-2016-0483", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2016-01-21T03:00:31.307", "references": [{"source": "secalert_us@oracle.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html"}, {"source": "secalert_us@oracle.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html"}, {"source": "secalert_us@oracle.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html"}, {"source": "secalert_us@oracle.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html"}, {"source": "secalert_us@oracle.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html"}, {"source": "secalert_us@oracle.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html"}, {"source": "secalert_us@oracle.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html"}, {"source": "secalert_us@oracle.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html"}, {"source": "secalert_us@oracle.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-0049.html"}, {"source": "secalert_us@oracle.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-0050.html"}, {"source": "secalert_us@oracle.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-0053.html"}, {"source": "secalert_us@oracle.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-0054.html"}, {"source": "secalert_us@oracle.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html"}, {"source": "secalert_us@oracle.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html"}, {"source": "secalert_us@oracle.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html"}, {"source": "secalert_us@oracle.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-0067.html"}, {"source": "secalert_us@oracle.com", "url": "http://www.debian.org/security/2016/dsa-3458"}, {"source": "secalert_us@oracle.com", "url": "http://www.debian.org/security/2016/dsa-3465"}, {"source": "secalert_us@oracle.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"}, {"source": "secalert_us@oracle.com", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"}, {"source": "secalert_us@oracle.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1034715"}, {"source": "secalert_us@oracle.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2884-1"}, {"source": "secalert_us@oracle.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2885-1"}, {"source": "secalert_us@oracle.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-032"}, {"source": "secalert_us@oracle.com", "url": "https://access.redhat.com/errata/RHSA-2016:1430"}, {"source": "secalert_us@oracle.com", "url": "https://security.gentoo.org/glsa/201603-14"}, {"source": "secalert_us@oracle.com", "url": "https://security.gentoo.org/glsa/201610-08"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-0049.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-0050.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-0053.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-0054.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-0067.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2016/dsa-3458"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2016/dsa-3465"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1034715"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2884-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2885-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-032"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2016:1430"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201603-14"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201610-08"}], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:oracle:jdk:1.6.0:update105:*:*:*:*:*:* (string)

matchCriteriaId : B0AD78A5-E3C8-4CF1-967C-7F934F9DAFE3 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:oracle:jdk:1.7.0:update91:*:*:*:*:*:* (string)

matchCriteriaId : 4B0EF44A-833C-4B9D-824A-5E0FFFBA8340 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:oracle:jdk:1.8.0:update66:*:*:*:*:*:* (string)

matchCriteriaId : D6C77242-C6FB-4BED-BA51-E9477D64E311 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:oracle:jre:1.6.0:update105:*:*:*:*:*:* (string)

matchCriteriaId : 7CB263D7-6718-4BE2-8423-B25FD727915E (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:oracle:jre:1.7.0:update91:*:*:*:*:*:* (string)

matchCriteriaId : CB1CAC76-2414-43D0-917D-5C1E60438178 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:oracle:jre:1.8.0:update66:*:*:*:*:*:* (string)

matchCriteriaId : 1475C6EC-E2F6-4881-A89E-FB75C1AD1F20 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:oracle:jrockit:r28.3.8:*:*:*:*:*:*:* (string)

matchCriteriaId : 79B1FE51-77FB-465F-BCF0-7076CBF54BF6 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:* (string)

matchCriteriaId : B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* (string)

matchCriteriaId : B5A6F2F3-4894-4392-8296-3B8DD2679084 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:* (string)

matchCriteriaId : F38D3B7E-8429-473F-BB31-FC3583EE5A5B (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:* (string)

matchCriteriaId : E88A537F-F4D0-46B9-9E37-965233C2A355 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data. (string)

}

1 : { »

lang : es (string)

value : Vulnerabilidad no especificada en Oracle Java SE 6u105, 7u91 y 8u66; Java SE Embedded 8u65; y JRockit R28.3.8 permite a atacantes remotos afectar a la confidencialidad, la integridad y la disponibilidad a través de vectores relacionados con AWT. NOTA: la información anterior es de la CPU de Enero de 2016. Oracle no ha comentado sobre las reclamaciones de terceros que esto es desbordamiento de buffer basado en memoria dinámica en la función readImage, lo que permite a atacantes remotos ejecutar código arbitrario a través de datos de imagen manipulada. (string)

}

]

evaluatorComment : Per Oracle: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (string)

id : CVE-2016-0483 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 10 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:N/AC:L/Au:N/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 10 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2016-01-21T03:00:31.307 (string)

references : [ »

0 : { »

source : secalert_us@oracle.com (string)

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html (string)

}

1 : { »

source : secalert_us@oracle.com (string)

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html (string)

}

2 : { »

source : secalert_us@oracle.com (string)

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html (string)

}

3 : { »

source : secalert_us@oracle.com (string)

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html (string)

}

4 : { »

source : secalert_us@oracle.com (string)

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html (string)

}

5 : { »

source : secalert_us@oracle.com (string)

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html (string)

}

6 : { »

source : secalert_us@oracle.com (string)

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html (string)

}

7 : { »

source : secalert_us@oracle.com (string)

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html (string)

}

8 : { »

source : secalert_us@oracle.com (string)

url : http://rhn.redhat.com/errata/RHSA-2016-0049.html (string)

}

9 : { »

source : secalert_us@oracle.com (string)

url : http://rhn.redhat.com/errata/RHSA-2016-0050.html (string)

}

10 : { »

source : secalert_us@oracle.com (string)

url : http://rhn.redhat.com/errata/RHSA-2016-0053.html (string)

}

11 : { »

source : secalert_us@oracle.com (string)

url : http://rhn.redhat.com/errata/RHSA-2016-0054.html (string)

}

12 : { »

source : secalert_us@oracle.com (string)

url : http://rhn.redhat.com/errata/RHSA-2016-0055.html (string)

}

13 : { »

source : secalert_us@oracle.com (string)

url : http://rhn.redhat.com/errata/RHSA-2016-0056.html (string)

}

14 : { »

source : secalert_us@oracle.com (string)

url : http://rhn.redhat.com/errata/RHSA-2016-0057.html (string)

}

15 : { »

source : secalert_us@oracle.com (string)

url : http://rhn.redhat.com/errata/RHSA-2016-0067.html (string)

}

16 : { »

source : secalert_us@oracle.com (string)

url : http://www.debian.org/security/2016/dsa-3458 (string)

}

17 : { »

source : secalert_us@oracle.com (string)

url : http://www.debian.org/security/2016/dsa-3465 (string)

}

18 : { »

source : secalert_us@oracle.com (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html (string)

}

19 : { »

source : secalert_us@oracle.com (string)

url : http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html (string)

}

20 : { »

source : secalert_us@oracle.com (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securitytracker.com/id/1034715 (string)

}

21 : { »

source : secalert_us@oracle.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.ubuntu.com/usn/USN-2884-1 (string)

}

22 : { »

source : secalert_us@oracle.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.ubuntu.com/usn/USN-2885-1 (string)

}

23 : { »

source : secalert_us@oracle.com (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.zerodayinitiative.com/advisories/ZDI-16-032 (string)

}

24 : { »

source : secalert_us@oracle.com (string)

url : https://access.redhat.com/errata/RHSA-2016:1430 (string)

}

25 : { »

source : secalert_us@oracle.com (string)

url : https://security.gentoo.org/glsa/201603-14 (string)

}

26 : { »

source : secalert_us@oracle.com (string)

url : https://security.gentoo.org/glsa/201610-08 (string)

}

27 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html (string)

}

28 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html (string)

}

29 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html (string)

}

30 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html (string)

}

31 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html (string)

}

32 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html (string)

}

33 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html (string)

}

34 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html (string)

}

35 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2016-0049.html (string)

}

36 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2016-0050.html (string)

}

37 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2016-0053.html (string)

}

38 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2016-0054.html (string)

}

39 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2016-0055.html (string)

}

40 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2016-0056.html (string)

}

41 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2016-0057.html (string)

}

42 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2016-0067.html (string)

}

43 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.debian.org/security/2016/dsa-3458 (string)

}

44 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.debian.org/security/2016/dsa-3465 (string)

}

45 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html (string)

}

46 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html (string)

}

47 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securitytracker.com/id/1034715 (string)

}

48 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.ubuntu.com/usn/USN-2884-1 (string)

}

49 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.ubuntu.com/usn/USN-2885-1 (string)

}

50 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.zerodayinitiative.com/advisories/ZDI-16-032 (string)

}

51 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://access.redhat.com/errata/RHSA-2016:1430 (string)

}

52 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://security.gentoo.org/glsa/201603-14 (string)

}

53 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://security.gentoo.org/glsa/201610-08 (string)

}

]

sourceIdentifier : secalert_us@oracle.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-noinfo (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2016:0056", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:5", "package": "java-1.7.0-oracle-1:1.7.0.95-1jpp.1.el5_11", "product_name": "Oracle Java for Red Hat Enterprise Linux 5", "release_date": "2016-01-21T00:00:00Z"}, {"advisory": "RHSA-2016:0057", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:5", "package": "java-1.6.0-sun-1:1.6.0.111-1jpp.3.el5_11", "product_name": "Oracle Java for Red Hat Enterprise Linux 5", "release_date": "2016-01-21T00:00:00Z"}, {"advisory": "RHSA-2016:0055", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:6", "package": "java-1.8.0-oracle-1:1.8.0.71-1jpp.1.el6_7", "product_name": "Oracle Java for Red Hat Enterprise Linux 6", "release_date": "2016-01-21T00:00:00Z"}, {"advisory": "RHSA-2016:0056", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:6", "package": "java-1.7.0-oracle-1:1.7.0.95-1jpp.1.el6_7", "product_name": "Oracle Java for Red Hat Enterprise Linux 6", "release_date": "2016-01-21T00:00:00Z"}, {"advisory": "RHSA-2016:0057", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:6", "package": "java-1.6.0-sun-1:1.6.0.111-1jpp.3.el6_7", "product_name": "Oracle Java for Red Hat Enterprise Linux 6", "release_date": "2016-01-21T00:00:00Z"}, {"advisory": "RHSA-2016:0055", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:7", "package": "java-1.8.0-oracle-1:1.8.0.71-1jpp.1.el7", "product_name": "Oracle Java for Red Hat Enterprise Linux 7", "release_date": "2016-01-21T00:00:00Z"}, {"advisory": "RHSA-2016:0056", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:7", "package": "java-1.7.0-oracle-1:1.7.0.95-1jpp.2.el7", "product_name": "Oracle Java for Red Hat Enterprise Linux 7", "release_date": "2016-01-21T00:00:00Z"}, {"advisory": "RHSA-2016:0057", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:7", "package": "java-1.6.0-sun-1:1.6.0.111-1jpp.1.el7", "product_name": "Oracle Java for Red Hat Enterprise Linux 7", "release_date": "2016-01-21T00:00:00Z"}, {"advisory": "RHSA-2016:0054", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "java-1.7.0-openjdk-1:1.7.0.95-2.6.4.1.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2016-01-21T00:00:00Z"}, {"advisory": "RHSA-2016:0067", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "java-1.6.0-openjdk-1:1.6.0.38-1.13.10.0.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0100", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.7.0-ibm-1:1.7.0.9.30-1jpp.1.el5", "product_name": "Red Hat Enterprise Linux 5 Supplementary", "release_date": "2016-02-02T00:00:00Z"}, {"advisory": "RHSA-2016:0101", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.6.0-ibm-1:1.6.0.16.20-1jpp.1.el5", "product_name": "Red Hat Enterprise Linux 5 Supplementary", "release_date": "2016-02-02T00:00:00Z"}, {"advisory": "RHSA-2016:0050", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "java-1.8.0-openjdk-1:1.8.0.71-1.b15.el6_7", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2016-01-20T00:00:00Z"}, {"advisory": "RHSA-2016:0053", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "java-1.7.0-openjdk-1:1.7.0.95-2.6.4.0.el6_7", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2016-01-21T00:00:00Z"}, {"advisory": "RHSA-2016:0067", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "java-1.6.0-openjdk-1:1.6.0.38-1.13.10.0.el6_7", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0099", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "java-1.7.1-ibm-1:1.7.1.3.30-1jpp.2.el6_7", "product_name": "Red Hat Enterprise Linux 6 Supplementary", "release_date": "2016-02-02T00:00:00Z"}, {"advisory": "RHSA-2016:0101", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "java-1.6.0-ibm-1:1.6.0.16.20-1jpp.1.el6_7", "product_name": "Red Hat Enterprise Linux 6 Supplementary", "release_date": "2016-02-02T00:00:00Z"}, {"advisory": "RHSA-2016:0049", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "java-1.8.0-openjdk-1:1.8.0.71-2.b15.el7_2", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-01-20T00:00:00Z"}, {"advisory": "RHSA-2016:0054", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "java-1.7.0-openjdk-1:1.7.0.95-2.6.4.0.el7_2", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-01-21T00:00:00Z"}, {"advisory": "RHSA-2016:0067", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "java-1.6.0-openjdk-1:1.6.0.38-1.13.10.0.el7_2", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-01-26T00:00:00Z"}, {"advisory": "RHSA-2016:0098", "cpe": "cpe:/a:redhat:rhel_extras:7", "package": "java-1.8.0-ibm-1:1.8.0.2.10-1jpp.1.el7", "product_name": "Red Hat Enterprise Linux 7 Supplementary", "release_date": "2016-02-02T00:00:00Z"}, {"advisory": "RHSA-2016:0099", "cpe": "cpe:/a:redhat:rhel_extras:7", "package": "java-1.7.1-ibm-1:1.7.1.3.30-1jpp.1.el7", "product_name": "Red Hat Enterprise Linux 7 Supplementary", "release_date": "2016-02-02T00:00:00Z"}, {"advisory": "RHSA-2016:1430", "cpe": "cpe:/a:redhat:network_satellite:5.6::el5", "package": "java-1.7.0-ibm-1:1.7.0.9.40-1jpp.1.el5", "product_name": "Red Hat Satellite 5.6", "release_date": "2016-07-18T00:00:00Z"}, {"advisory": "RHSA-2016:1430", "cpe": "cpe:/a:redhat:network_satellite:5.6::el5", "package": "java-1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el6_7", "product_name": "Red Hat Satellite 5.6", "release_date": "2016-07-18T00:00:00Z"}, {"advisory": "RHSA-2016:1430", "cpe": "cpe:/a:redhat:network_satellite:5.6::el5", "package": "spacewalk-java-0:2.0.2-109.el5sat", "product_name": "Red Hat Satellite 5.6", "release_date": "2016-07-18T00:00:00Z"}, {"advisory": "RHSA-2016:1430", "cpe": "cpe:/a:redhat:network_satellite:5.7::el6", "package": "java-1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el6_7", "product_name": "Red Hat Satellite 5.7", "release_date": "2016-07-18T00:00:00Z"}, {"advisory": "RHSA-2016:1430", "cpe": "cpe:/a:redhat:network_satellite:5.7::el6", "package": "spacewalk-java-0:2.3.8-146.el6sat", "product_name": "Red Hat Satellite 5.7", "release_date": "2016-07-18T00:00:00Z"}], "bugzilla": {"description": "OpenJDK: incorrect boundary check in JPEG decoder (AWT, 8139017)", "id": "1299441", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1299441"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-787", "details": ["Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data.", "An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions."], "name": "CVE-2016-0483", "public_date": "2016-01-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-0483\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0483\nhttp://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixJAVA"], "threat_severity": "Critical"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2016:0056 (string)

cpe : cpe:/a:redhat:rhel_extras_oracle_java:5 (string)

package : java-1.7.0-oracle-1:1.7.0.95-1jpp.1.el5_11 (string)

product_name : Oracle Java for Red Hat Enterprise Linux 5 (string)

release_date : 2016-01-21T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2016:0057 (string)

cpe : cpe:/a:redhat:rhel_extras_oracle_java:5 (string)

package : java-1.6.0-sun-1:1.6.0.111-1jpp.3.el5_11 (string)

product_name : Oracle Java for Red Hat Enterprise Linux 5 (string)

release_date : 2016-01-21T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2016:0055 (string)

cpe : cpe:/a:redhat:rhel_extras_oracle_java:6 (string)

package : java-1.8.0-oracle-1:1.8.0.71-1jpp.1.el6_7 (string)

product_name : Oracle Java for Red Hat Enterprise Linux 6 (string)

release_date : 2016-01-21T00:00:00Z (string)

}

3 : { »

advisory : RHSA-2016:0056 (string)

cpe : cpe:/a:redhat:rhel_extras_oracle_java:6 (string)

package : java-1.7.0-oracle-1:1.7.0.95-1jpp.1.el6_7 (string)

product_name : Oracle Java for Red Hat Enterprise Linux 6 (string)

release_date : 2016-01-21T00:00:00Z (string)

}

4 : { »

advisory : RHSA-2016:0057 (string)

cpe : cpe:/a:redhat:rhel_extras_oracle_java:6 (string)

package : java-1.6.0-sun-1:1.6.0.111-1jpp.3.el6_7 (string)

product_name : Oracle Java for Red Hat Enterprise Linux 6 (string)

release_date : 2016-01-21T00:00:00Z (string)

}

5 : { »

advisory : RHSA-2016:0055 (string)

cpe : cpe:/a:redhat:rhel_extras_oracle_java:7 (string)

package : java-1.8.0-oracle-1:1.8.0.71-1jpp.1.el7 (string)

product_name : Oracle Java for Red Hat Enterprise Linux 7 (string)

release_date : 2016-01-21T00:00:00Z (string)

}

6 : { »

advisory : RHSA-2016:0056 (string)

cpe : cpe:/a:redhat:rhel_extras_oracle_java:7 (string)

package : java-1.7.0-oracle-1:1.7.0.95-1jpp.2.el7 (string)

product_name : Oracle Java for Red Hat Enterprise Linux 7 (string)

release_date : 2016-01-21T00:00:00Z (string)

}

7 : { »

advisory : RHSA-2016:0057 (string)

cpe : cpe:/a:redhat:rhel_extras_oracle_java:7 (string)

package : java-1.6.0-sun-1:1.6.0.111-1jpp.1.el7 (string)

product_name : Oracle Java for Red Hat Enterprise Linux 7 (string)

release_date : 2016-01-21T00:00:00Z (string)

}

8 : { »

advisory : RHSA-2016:0054 (string)

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

package : java-1.7.0-openjdk-1:1.7.0.95-2.6.4.1.el5_11 (string)

product_name : Red Hat Enterprise Linux 5 (string)

release_date : 2016-01-21T00:00:00Z (string)

}

9 : { »

advisory : RHSA-2016:0067 (string)

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

package : java-1.6.0-openjdk-1:1.6.0.38-1.13.10.0.el5_11 (string)

product_name : Red Hat Enterprise Linux 5 (string)

release_date : 2016-01-26T00:00:00Z (string)

}

10 : { »

advisory : RHSA-2016:0100 (string)

cpe : cpe:/a:redhat:rhel_extras:5 (string)

package : java-1.7.0-ibm-1:1.7.0.9.30-1jpp.1.el5 (string)

product_name : Red Hat Enterprise Linux 5 Supplementary (string)

release_date : 2016-02-02T00:00:00Z (string)

}

11 : { »

advisory : RHSA-2016:0101 (string)

cpe : cpe:/a:redhat:rhel_extras:5 (string)

package : java-1.6.0-ibm-1:1.6.0.16.20-1jpp.1.el5 (string)

product_name : Red Hat Enterprise Linux 5 Supplementary (string)

release_date : 2016-02-02T00:00:00Z (string)

}

12 : { »

advisory : RHSA-2016:0050 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : java-1.8.0-openjdk-1:1.8.0.71-1.b15.el6_7 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2016-01-20T00:00:00Z (string)

}

13 : { »

advisory : RHSA-2016:0053 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : java-1.7.0-openjdk-1:1.7.0.95-2.6.4.0.el6_7 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2016-01-21T00:00:00Z (string)

}

14 : { »

advisory : RHSA-2016:0067 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : java-1.6.0-openjdk-1:1.6.0.38-1.13.10.0.el6_7 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2016-01-26T00:00:00Z (string)

}

15 : { »

advisory : RHSA-2016:0099 (string)

cpe : cpe:/a:redhat:rhel_extras:6 (string)

package : java-1.7.1-ibm-1:1.7.1.3.30-1jpp.2.el6_7 (string)

product_name : Red Hat Enterprise Linux 6 Supplementary (string)

release_date : 2016-02-02T00:00:00Z (string)

}

16 : { »

advisory : RHSA-2016:0101 (string)

cpe : cpe:/a:redhat:rhel_extras:6 (string)

package : java-1.6.0-ibm-1:1.6.0.16.20-1jpp.1.el6_7 (string)

product_name : Red Hat Enterprise Linux 6 Supplementary (string)

release_date : 2016-02-02T00:00:00Z (string)

}

17 : { »

advisory : RHSA-2016:0049 (string)

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

package : java-1.8.0-openjdk-1:1.8.0.71-2.b15.el7_2 (string)

product_name : Red Hat Enterprise Linux 7 (string)

release_date : 2016-01-20T00:00:00Z (string)

}

18 : { »

advisory : RHSA-2016:0054 (string)

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

package : java-1.7.0-openjdk-1:1.7.0.95-2.6.4.0.el7_2 (string)

product_name : Red Hat Enterprise Linux 7 (string)

release_date : 2016-01-21T00:00:00Z (string)

}

19 : { »

advisory : RHSA-2016:0067 (string)

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

package : java-1.6.0-openjdk-1:1.6.0.38-1.13.10.0.el7_2 (string)

product_name : Red Hat Enterprise Linux 7 (string)

release_date : 2016-01-26T00:00:00Z (string)

}

20 : { »

advisory : RHSA-2016:0098 (string)

cpe : cpe:/a:redhat:rhel_extras:7 (string)

package : java-1.8.0-ibm-1:1.8.0.2.10-1jpp.1.el7 (string)

product_name : Red Hat Enterprise Linux 7 Supplementary (string)

release_date : 2016-02-02T00:00:00Z (string)

}

21 : { »

advisory : RHSA-2016:0099 (string)

cpe : cpe:/a:redhat:rhel_extras:7 (string)

package : java-1.7.1-ibm-1:1.7.1.3.30-1jpp.1.el7 (string)

product_name : Red Hat Enterprise Linux 7 Supplementary (string)

release_date : 2016-02-02T00:00:00Z (string)

}

22 : { »

advisory : RHSA-2016:1430 (string)

cpe : cpe:/a:redhat:network_satellite:5.6::el5 (string)

package : java-1.7.0-ibm-1:1.7.0.9.40-1jpp.1.el5 (string)

product_name : Red Hat Satellite 5.6 (string)

release_date : 2016-07-18T00:00:00Z (string)

}

23 : { »

advisory : RHSA-2016:1430 (string)

cpe : cpe:/a:redhat:network_satellite:5.6::el5 (string)

package : java-1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el6_7 (string)

product_name : Red Hat Satellite 5.6 (string)

release_date : 2016-07-18T00:00:00Z (string)

}

24 : { »

advisory : RHSA-2016:1430 (string)

cpe : cpe:/a:redhat:network_satellite:5.6::el5 (string)

package : spacewalk-java-0:2.0.2-109.el5sat (string)

product_name : Red Hat Satellite 5.6 (string)

release_date : 2016-07-18T00:00:00Z (string)

}

25 : { »

advisory : RHSA-2016:1430 (string)

cpe : cpe:/a:redhat:network_satellite:5.7::el6 (string)

package : java-1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el6_7 (string)

product_name : Red Hat Satellite 5.7 (string)

release_date : 2016-07-18T00:00:00Z (string)

}

26 : { »

advisory : RHSA-2016:1430 (string)

cpe : cpe:/a:redhat:network_satellite:5.7::el6 (string)

package : spacewalk-java-0:2.3.8-146.el6sat (string)

product_name : Red Hat Satellite 5.7 (string)

release_date : 2016-07-18T00:00:00Z (string)

}

]

bugzilla : { »

description : OpenJDK: incorrect boundary check in JPEG decoder (AWT, 8139017) (string)

id : 1299441 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1299441 (string)

}

csaw : false (boolean)

cvss : { »

cvss_base_score : 6.8 (string)

cvss_scoring_vector : AV:N/AC:M/Au:N/C:P/I:P/A:P (string)

status : verified (string)

}

cwe : CWE-787 (string)

details : [ »

0 : Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data. (string)

1 : An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (string)

]

name : CVE-2016-0483 (string)

public_date : 2016-01-19T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2016-0483 https://nvd.nist.gov/vuln/detail/CVE-2016-0483 http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixJAVA (string)

]

threat_severity : Critical (string)

}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object