CVE-2016-0494Incorrect Conversion between Numeric Types in Oracle JDK

CWE-681Incorrect Conversion between Numeric Types11 documents8 sources
Severity
10.0CRITICALNVD
OSV5.9
EPSS
8.7%
top 7.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Canonical Ubuntu LinuxOracle JDKOracle JRE
Timeline
PublishedJan 21
Latest updateMay 13

Description

Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

NVDoracle/jdk1.6.0, 1.7.0, 1.8.0+2
NVDoracle/jre1.6.0, 1.7.0, 1.8.0+2

Also affects: Ubuntu Linux 12.04, 14.04, 15.04, 15.10

🔴Vulnerability Details

4
GHSA
GHSA-2rw6-f687-5qwg: Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remo2022-05-13
OSV
openjdk-7 vulnerabilities2016-02-01
CVEList
CVE-2016-0494: Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remo2016-01-21
OSV
CVE-2016-0494: Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remo2016-01-21

📋Vendor Advisories

5
Ubuntu
ICU vulnerabilities2017-03-13
Ubuntu
OpenJDK 7 vulnerabilities2016-02-01
Ubuntu
OpenJDK 6 vulnerabilities2016-02-01
Red Hat
ICU: integer signedness issue in IndicRearrangementProcessor (OpenJDK 2D, 8140543)2016-01-19
Debian
CVE-2016-0494: icu - Unspecified vulnerability in the Java SE and Java SE Embedded components in Orac...2016

💬Community

1
Bugzilla
CVE-2016-0494 ICU: integer signedness issue in IndicRearrangementProcessor (OpenJDK 2D, 8140543)2016-01-15
CVE-2016-0494 — Oracle JDK vulnerability | cvebase