Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-6mq4-munv-sffc
Vulnerability ID VCID-6mq4-munv-sffc
Aliases CVE-2019-2697
Summary Multiple vulnerabilities have been found in Oracle’s JDK and JRE software suites.
Status Published
Exploitability 2.0
Weighted Severity 6.8
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
ssvc Track https://access.redhat.com/errata/RHSA-2019:1163
ssvc Track https://access.redhat.com/errata/RHSA-2019:1164
ssvc Track https://access.redhat.com/errata/RHSA-2019:1165
ssvc Track https://access.redhat.com/errata/RHSA-2019:1166
ssvc Track https://access.redhat.com/errata/RHSA-2019:1238
ssvc Track https://access.redhat.com/errata/RHSA-2019:1325
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-2697.json
epss 0.0408 https://api.first.org/data/v1/epss?cve=CVE-2019-2697
epss 0.0408 https://api.first.org/data/v1/epss?cve=CVE-2019-2697
epss 0.0408 https://api.first.org/data/v1/epss?cve=CVE-2019-2697
epss 0.0408 https://api.first.org/data/v1/epss?cve=CVE-2019-2697
epss 0.0408 https://api.first.org/data/v1/epss?cve=CVE-2019-2697
epss 0.0408 https://api.first.org/data/v1/epss?cve=CVE-2019-2697
epss 0.0408 https://api.first.org/data/v1/epss?cve=CVE-2019-2697
epss 0.0408 https://api.first.org/data/v1/epss?cve=CVE-2019-2697
epss 0.0408 https://api.first.org/data/v1/epss?cve=CVE-2019-2697
cvssv3 8.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
ssvc Track https://security.gentoo.org/glsa/201908-10
ssvc Track https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03959en_us
ssvc Track https://usn.ubuntu.com/3975-1/
ssvc Track http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-2697.json
https://api.first.org/data/v1/epss?cve=CVE-2019-2697
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1704480 https://bugzilla.redhat.com/show_bug.cgi?id=1704480
CVE-2019-2697 Exploit https://bugs.chromium.org/p/project-zero/issues/detail?id=1777
CVE-2019-2697 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/46722.txt
display?docLocale=en_US&docId=emr_na-hpesbst03959en_us https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03959en_us
GLSA-201908-10 https://security.gentoo.org/glsa/201908-10
RHSA-2019:1163 https://access.redhat.com/errata/RHSA-2019:1163
RHSA-2019:1164 https://access.redhat.com/errata/RHSA-2019:1164
RHSA-2019:1165 https://access.redhat.com/errata/RHSA-2019:1165
RHSA-2019:1166 https://access.redhat.com/errata/RHSA-2019:1166
RHSA-2019:1238 https://access.redhat.com/errata/RHSA-2019:1238
RHSA-2019:1325 https://access.redhat.com/errata/RHSA-2019:1325
USN-3975-1 https://usn.ubuntu.com/3975-1/
Data source Exploit-DB
Date added April 17, 2019
Description Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in sc_FindExtrema4
Ransomware campaign use Known
Source publication date April 17, 2019
Exploit type dos
Platform multiple
Source update date April 17, 2019
Source URL https://bugs.chromium.org/p/project-zero/issues/detail?id=1777
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:55:46Z/ Found at https://access.redhat.com/errata/RHSA-2019:1163
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:55:46Z/ Found at https://access.redhat.com/errata/RHSA-2019:1164
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:55:46Z/ Found at https://access.redhat.com/errata/RHSA-2019:1165
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:55:46Z/ Found at https://access.redhat.com/errata/RHSA-2019:1166
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:55:46Z/ Found at https://access.redhat.com/errata/RHSA-2019:1238
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:55:46Z/ Found at https://access.redhat.com/errata/RHSA-2019:1325
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-2697.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:55:46Z/ Found at https://security.gentoo.org/glsa/201908-10
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:55:46Z/ Found at https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03959en_us
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:55:46Z/ Found at https://usn.ubuntu.com/3975-1/
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:55:46Z/ Found at http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.88502
EPSS Score 0.0408
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:04:30.424410+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/201908-10 38.0.0