CVE-2017-3253

First published: Mon Jan 16 2017(Updated: )

It was discovered that the PNGImageReader in the javax.imageio package of the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when ignoreMetadata was set to true. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory.

Credit: secalert_us@oracle.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/type
• agent/first-publish-date
• collector/launchpad-cve
• source/Launchpad
• collector/redhat-bugzilla
• source/Red Hat
• alias/CVE-2017-3253
• agent/author
• agent/remedy
• agent/severity
• collector/usn-cve
• source/Ubuntu
• agent/references
• agent/description
• agent/event
• collector/mitre-cve
• source/MITRE
• collector/security-tracker-debian
• source/Debian
• agent/software-canonical-lookup
• agent/last-modified-date
• agent/trending
• agent/source
• agent/tags
• collector/nvd-cve
• source/NVD
• agent/software-canonical-lookup-request
• collector/nvd-index
• agent/softwarecombine
• package-manager/debian
• vendor/oracle
• canonical/oracle jdk 6
• version/oracle jdk 6/1.6-update_131
• version/oracle jdk 6/1.7-update_121
• version/oracle jdk 6/1.8-update_111
• version/oracle jdk 6/1.8-update_112
• canonical/oracle java runtime environment (jre)
• version/oracle java runtime environment (jre)/1.6-update_131
• version/oracle java runtime environment (jre)/1.7-update_121
• version/oracle java runtime environment (jre)/1.8-update_111
• version/oracle java runtime environment (jre)/1.8-update_112
• canonical/bea jrockit
• version/bea jrockit/r28.3.12