CVE-2019-11774

CVE-2019-11774 affects Eclipse OMR versions prior to 0.1. The issue is in the loop versioner: when a condition is moved out of the loop and reads a field, the privatization of that field’s value may fail in the modified loop copy, allowing one value to be observed while the loop later sees a modi...

CVE-2025-1470

CVE-2025-1470 affects Eclipse OMR: prior to version 0.5.0, internal OMR port library and z/OS atoe function consumers did not properly check NULL pointers or allocation failures, risking NULL pointer dereferences. Beginning with 0.5.0, OMR consumers handle NULL return values and memory allocation...

CVE-2019-11773

CVE-2019-11773 affects AIX builds of Eclipse OMR prior to 0.1, where unused RPATHs may allow local code injection and privilege elevation. Root cause: unused RPATHs in the build. Impact: potential escalation by local users. Exploit details, affected versions beyond the stated range, and concrete ...

CVE-2025-1471

CVE-2025-1471 concerns Eclipse OMR: z/OS atoe print functions using a constant-length buffer from versions 0.2.0–0.4.0, enabling a buffer overflow if input exceeds the buffer. Beginning with 0.5.0, conversion buffers are sized and checked to prevent overflow. Connected sources confirm this CVE ac...

CVE-2026-1188

CVE-2026-1188 affects the Eclipse OMR port library component (since release 0.2.0) where a function returning the textual names of processor features failed to account for the separator between features. When the output buffer is not sized to accommodate the separator, a buffer overflow could occ...

CVE-2025-14549

CVE-2025-14549 affects the Eclipse OMR compiler component. Since release 0.7.0, an optimization for Eclipse OpenJ9 users on IBM Z incorrectly handles NUL (0x00) characters when translating between Latin‑compatible charsets (UTF-8, ISO8859‑1, ASCII, etc) and IBM-1047/037. The result can truncate t...