It was discovered that the CMap class in the 2D component in OpenJDK did not check if TrueType font files could contain character map tables of declared size before performing memory allocation. A specially crafted font file could use this flaw to cause a Java application to use an excessive amount of memory and possibly unexpectedly exit due to an out of memory condition.
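
An added example, not OpenJDK's code or the upstream fix, of the kind of check the description says was missing: the `cmap` table's declared offset and length are compared with the actual font size before any buffer is allocated. The class name, method names and the sample font bytes are constructed for illustration, and the byte array stands in for the font file.

```java
import java.io.IOException;
import java.nio.ByteBuffer;

// Added illustration; names are hypothetical and not taken from OpenJDK.
public class CmapBoundsCheck {
    static final int CMAP_TAG = 0x636D6170; // ASCII "cmap"

    /** Returns the cmap table bytes, rejecting sizes the file cannot hold. */
    static byte[] readCmap(byte[] font) throws IOException {
        if (font.length < 12) throw new IOException("truncated offset table");
        ByteBuffer bb = ByteBuffer.wrap(font); // big-endian by default
        int numTables = bb.getShort(4) & 0xFFFF;
        if (12L + 16L * numTables > font.length)
            throw new IOException("truncated table directory");
        for (int i = 0; i < numTables; i++) {
            int rec = 12 + 16 * i; // record: tag, checksum, offset, length
            if (bb.getInt(rec) != CMAP_TAG) continue;
            long offset = bb.getInt(rec + 8) & 0xFFFFFFFFL;  // unsigned 32-bit
            long length = bb.getInt(rec + 12) & 0xFFFFFFFFL; // unsigned 32-bit
            // Validate against the real size BEFORE allocating anything.
            if (offset > font.length || length > font.length - offset)
                throw new IOException("cmap declares " + length + " bytes at offset "
                        + offset + " but the font has " + font.length + " bytes");
            byte[] table = new byte[(int) length]; // now bounded by file size
            System.arraycopy(font, (int) offset, table, 0, table.length);
            return table;
        }
        throw new IOException("no cmap table");
    }

    /** Constructed sample: a one-table font whose cmap record declares the given length. */
    static byte[] sample(int declaredLength) {
        ByteBuffer bb = ByteBuffer.allocate(12 + 16 + 4);
        bb.putInt(0x00010000).putShort((short) 1)        // sfnt version, numTables
          .putShort((short) 16).putShort((short) 0).putShort((short) 0);
        bb.putInt(CMAP_TAG).putInt(0).putInt(28).putInt(declaredLength);
        bb.putInt(0);                                    // 4 bytes of table data
        return bb.array();
    }

    public static void main(String[] args) throws IOException {
        System.out.println("honest font: " + readCmap(sample(4)).length + " bytes read");
        try {
            readCmap(sample(0x7FFFFFF0)); // declared size far beyond the file
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```
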
Public now via Oracle CPU October 2019:
https://www.oracle.com/security-alerts/cpuoct2019.html#AppendixJAVA
Fixed in Oracle Java SE 13.0.1, 11.0.5, 8u231, and 7u241.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:3128 https://access.redhat.com/errata/RHSA-2019:3128
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:3127 https://access.redhat.com/errata/RHSA-2019:3127
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:3134 https://access.redhat.com/errata/RHSA-2019:3134
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:3135 https://access.redhat.com/errata/RHSA-2019:3135
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:3136 https://access.redhat.com/errata/RHSA-2019:3136
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:3158 https://access.redhat.com/errata/RHSA-2019:3158
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:3157 https://access.redhat.com/errata/RHSA-2019:3157
OpenJDK-11 upstream commit: http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/e49640590658
OpenJDK-8 upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/e033daba121d
OpenJDK-7 upstream commit: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/b9c5f852bbde
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-2992
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2019:4110 https://access.redhat.com/errata/RHSA-2019:4110
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2019:4109 https://access.redhat.com/errata/RHSA-2019:4109
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2019:4113 https://access.redhat.com/errata/RHSA-2019:4113
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2019:4115 https://access.redhat.com/errata/RHSA-2019:4115
This issue has been addressed in the following products: Red Hat Satellite 5.8 Via RHSA-2020:0006 https://access.redhat.com/errata/RHSA-2020:0006
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:0046 https://access.redhat.com/errata/RHSA-2020:0046