REDHAT-BUG-1761146
First published: Sat Oct 12 2019(Updated: )
It was discovered that the CMap class in the 2D component in OpenJDK did not check if TrueType font files could contain character map tables of declared size before performing memory allocation. A specially crafted font file could use this flaw to cause a Java application to use an excessive amount of memory and possibly unexpectedly exist due to an out of memory condition.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenJDK |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.oracle.com/security-alerts/cpuoct2019.html#AppendixJAVA
- https://access.redhat.com/errata/RHSA-2019:3128
- https://access.redhat.com/errata/RHSA-2019:3127
- https://access.redhat.com/errata/RHSA-2019:3134
- https://access.redhat.com/errata/RHSA-2019:3135
- https://access.redhat.com/errata/RHSA-2019:3136
- https://access.redhat.com/errata/RHSA-2019:3158
- https://access.redhat.com/errata/RHSA-2019:3157
- http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/e49640590658
- http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/e033daba121d
- http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/b9c5f852bbde
- https://access.redhat.com/security/cve/cve-2019-2992
- https://access.redhat.com/errata/RHSA-2019:4110
- https://access.redhat.com/errata/RHSA-2019:4109
- https://access.redhat.com/errata/RHSA-2019:4113
- https://access.redhat.com/errata/RHSA-2019:4115
- https://access.redhat.com/errata/RHSA-2020:0006
- https://access.redhat.com/errata/RHSA-2020:0046
- https://bugzilla.redhat.com/show_bug.cgi?id=1761146
Frequently Asked Questions
What is the severity of REDHAT-BUG-1761146?
The severity of REDHAT-BUG-1761146 is considered high due to its potential to allow excessive memory allocation.
How do I fix REDHAT-BUG-1761146?
To fix REDHAT-BUG-1761146, you should apply the latest security patches released for OpenJDK.
What systems are affected by REDHAT-BUG-1761146?
REDHAT-BUG-1761146 affects systems running vulnerable versions of OpenJDK.
What is the cause of REDHAT-BUG-1761146?
The cause of REDHAT-BUG-1761146 is a failure in the CMap class to properly validate the size of character map tables in TrueType font files.
What could happen if REDHAT-BUG-1761146 is exploited?
If exploited, REDHAT-BUG-1761146 could lead to excessive memory consumption, potentially crashing Java applications.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-2992
- agent/source
- agent/severity
- agent/references
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/openjdk
- canonical/openjdk