OpenJDK: incorrect boundary check in JPEG decoder (AWT, 8139017)

🗓️ 02 Feb 2016 10:04:39Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 3 Views

OpenJDK JPEG decoder boundary check flaw in AWT enables out-of-bounds write and code execution.

Reporter	Title	Published	Views	Family All 273
IBM Security Bulletins	Security Bulletin:Multiple Security Vulnerabilities exist in IBM Cognos Insight	24 Feb 202007:27	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Business Process Manager shipped with IBM Cloud Orchestrator and IBM SmartCloud Orchestrator	17 Jun 201822:30	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects multiple IBM Rational products based on IBM Jazz technology (CVE-2015-7575, CVE-2016-0483, etc.)	28 Apr 202118:35	–	ibm
IBM Security Bulletins	Title Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Identity Governance and Intelligence 5.2	16 Jun 201821:39	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM Netezza Analytics for NPS	31 May 202203:16	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2015-4872, CVE-2015-4893, CVE-2015-4803, CVE-2015-5006, CVE-2016-0483, CVE-2015-7575, CVE-2016-0448, CVE-2016-0466)	17 Jun 201805:07	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in current releases of IBM® WebSphere Real Time	15 Jun 201807:04	–	ibm
IBM Security Bulletins	Security Bulletin: CICS Transaction Gateway for Multiplatforms	15 Jun 201807:05	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java JRE, 8.0-1.1 affect IBM Netezza Platform Software clients.	7 Dec 202008:05	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Oracle® Java™ Runtime Environment version 1.7 that is used by IBM Flex System Manager (FSM) Storage Management Install Anywhere (SMIA)	18 Jun 201801:34	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	5	i386	java-1.7.0-ibm	1:1.7.0.9.30-1jpp.1.el5	java-1.7.0-ibm-1:1.7.0.9.30-1jpp.1.el5.i386.rpm
Red Hat Enterprise Linux	5	ppc	java-1.7.0-ibm	1:1.7.0.9.30-1jpp.1.el5	java-1.7.0-ibm-1:1.7.0.9.30-1jpp.1.el5.ppc.rpm
Red Hat Enterprise Linux	5	ppc64	java-1.7.0-ibm	1:1.7.0.9.30-1jpp.1.el5	java-1.7.0-ibm-1:1.7.0.9.30-1jpp.1.el5.ppc64.rpm
Red Hat Enterprise Linux	5	s390	java-1.7.0-ibm	1:1.7.0.9.30-1jpp.1.el5	java-1.7.0-ibm-1:1.7.0.9.30-1jpp.1.el5.s390.rpm
Red Hat Enterprise Linux	5	s390x	java-1.7.0-ibm	1:1.7.0.9.30-1jpp.1.el5	java-1.7.0-ibm-1:1.7.0.9.30-1jpp.1.el5.s390x.rpm
Red Hat Enterprise Linux	5	x86_64	java-1.7.0-ibm	1:1.7.0.9.30-1jpp.1.el5	java-1.7.0-ibm-1:1.7.0.9.30-1jpp.1.el5.x86_64.rpm
Red Hat Enterprise Linux	5	i386	java-1.7.0-ibm-demo	1:1.7.0.9.30-1jpp.1.el5	java-1.7.0-ibm-demo-1:1.7.0.9.30-1jpp.1.el5.i386.rpm
Red Hat Enterprise Linux	5	ppc	java-1.7.0-ibm-demo	1:1.7.0.9.30-1jpp.1.el5	java-1.7.0-ibm-demo-1:1.7.0.9.30-1jpp.1.el5.ppc.rpm
Red Hat Enterprise Linux	5	ppc64	java-1.7.0-ibm-demo	1:1.7.0.9.30-1jpp.1.el5	java-1.7.0-ibm-demo-1:1.7.0.9.30-1jpp.1.el5.ppc64.rpm
Red Hat Enterprise Linux	5	s390	java-1.7.0-ibm-demo	1:1.7.0.9.30-1jpp.1.el5	java-1.7.0-ibm-demo-1:1.7.0.9.30-1jpp.1.el5.s390.rpm

Source	Link
oracle	www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
access	www.access.redhat.com/security/cve/CVE-2016-0483
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2016-0483
cve	www.cve.org/CVERecord

14 May 2026 22:22Current

7.3High risk

Vulners AI Score7.3

CVSS 210

EPSS0.09896

openjdk jpeg decoder awt component boundary check out of bounds code execution sandbox bypass