VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-msra-64g9-huah

Essentials
Severities (29)
References (27)
Severity details (20)
Exploits (1)
EPSS
History (1)

Vulnerability ID	VCID-msra-64g9-huah
Aliases	CVE-2019-2698
Summary	Multiple vulnerabilities have been found in Oracle’s JDK and JRE software suites.
Status	Published
Exploitability	2.0
Weighted Severity	6.8
Risk	10.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-787

Out-of-bounds Write

System	Score	Found at
ssvc	Track	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html
ssvc	Track	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html
ssvc	Track	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html
ssvc	Track	https://access.redhat.com/errata/RHBA-2019:0959
ssvc	Track	https://access.redhat.com/errata/RHSA-2019:1146
ssvc	Track	https://access.redhat.com/errata/RHSA-2019:1163
ssvc	Track	https://access.redhat.com/errata/RHSA-2019:1164
ssvc	Track	https://access.redhat.com/errata/RHSA-2019:1165
ssvc	Track	https://access.redhat.com/errata/RHSA-2019:1166
ssvc	Track	https://access.redhat.com/errata/RHSA-2019:1238
ssvc	Track	https://access.redhat.com/errata/RHSA-2019:1325
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-2698.json
epss	0.04739	https://api.first.org/data/v1/epss?cve=CVE-2019-2698
epss	0.04739	https://api.first.org/data/v1/epss?cve=CVE-2019-2698
epss	0.04739	https://api.first.org/data/v1/epss?cve=CVE-2019-2698
epss	0.04739	https://api.first.org/data/v1/epss?cve=CVE-2019-2698
epss	0.04739	https://api.first.org/data/v1/epss?cve=CVE-2019-2698
epss	0.04739	https://api.first.org/data/v1/epss?cve=CVE-2019-2698
epss	0.04739	https://api.first.org/data/v1/epss?cve=CVE-2019-2698
epss	0.04739	https://api.first.org/data/v1/epss?cve=CVE-2019-2698
epss	0.04739	https://api.first.org/data/v1/epss?cve=CVE-2019-2698
cvssv3	8.1	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
ssvc	Track	https://lists.debian.org/debian-lts-announce/2019/05/msg00011.html
ssvc	Track	https://seclists.org/bugtraq/2019/May/75
ssvc	Track	https://security.gentoo.org/glsa/201908-10
ssvc	Track	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03959en_us
ssvc	Track	https://usn.ubuntu.com/3975-1/
ssvc	Track	https://www.debian.org/security/2019/dsa-4453
ssvc	Track	http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-2698.json
		https://api.first.org/data/v1/epss?cve=CVE-2019-2698
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2602
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2684
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2698
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1700447		https://bugzilla.redhat.com/show_bug.cgi?id=1700447
75		https://seclists.org/bugtraq/2019/May/75
CVE-2019-2698	Exploit	https://bugs.chromium.org/p/project-zero/issues/detail?id=1778
CVE-2019-2698	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/46723.txt
display?docLocale=en_US&docId=emr_na-hpesbst03959en_us		https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03959en_us
dsa-4453		https://www.debian.org/security/2019/dsa-4453
GLSA-201908-10		https://security.gentoo.org/glsa/201908-10
msg00011.html		https://lists.debian.org/debian-lts-announce/2019/05/msg00011.html
msg00058.html		http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html
RHSA-2019:0774		https://access.redhat.com/errata/RHSA-2019:0774
RHSA-2019:0775		https://access.redhat.com/errata/RHSA-2019:0775
RHSA-2019:0790		https://access.redhat.com/errata/RHSA-2019:0790
RHSA-2019:0791		https://access.redhat.com/errata/RHSA-2019:0791
RHSA-2019:1146		https://access.redhat.com/errata/RHSA-2019:1146
RHSA-2019:1163		https://access.redhat.com/errata/RHSA-2019:1163
RHSA-2019:1164		https://access.redhat.com/errata/RHSA-2019:1164
RHSA-2019:1165		https://access.redhat.com/errata/RHSA-2019:1165
RHSA-2019:1166		https://access.redhat.com/errata/RHSA-2019:1166
RHSA-2019:1238		https://access.redhat.com/errata/RHSA-2019:1238
RHSA-2019:1325		https://access.redhat.com/errata/RHSA-2019:1325
USN-3975-1		https://usn.ubuntu.com/3975-1/

Data source	Exploit-DB
Date added	April 17, 2019
Description	Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in GlyphIterator::setCurrGlyphID
Ransomware campaign use	Known
Source publication date	April 17, 2019
Exploit type	dos
Platform	multiple
Source update date	April 17, 2019
Source URL	https://bugs.chromium.org/p/project-zero/issues/detail?id=1778

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:55:44Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:55:44Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:55:44Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:55:44Z/ Found at https://access.redhat.com/errata/RHBA-2019:0959

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:55:44Z/ Found at https://access.redhat.com/errata/RHSA-2019:1146

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:55:44Z/ Found at https://access.redhat.com/errata/RHSA-2019:1163

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:55:44Z/ Found at https://access.redhat.com/errata/RHSA-2019:1164

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:55:44Z/ Found at https://access.redhat.com/errata/RHSA-2019:1165

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:55:44Z/ Found at https://access.redhat.com/errata/RHSA-2019:1166

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:55:44Z/ Found at https://access.redhat.com/errata/RHSA-2019:1238

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:55:44Z/ Found at https://access.redhat.com/errata/RHSA-2019:1325

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-2698.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:55:44Z/ Found at https://lists.debian.org/debian-lts-announce/2019/05/msg00011.html

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:55:44Z/ Found at https://seclists.org/bugtraq/2019/May/75

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:55:44Z/ Found at https://security.gentoo.org/glsa/201908-10

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:55:44Z/ Found at https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03959en_us

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:55:44Z/ Found at https://usn.ubuntu.com/3975-1/

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:55:44Z/ Found at https://www.debian.org/security/2019/dsa-4453

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:55:44Z/ Found at http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Exploit Prediction Scoring System (EPSS)

Percentile	0.89368
EPSS Score	0.04739
Published At	April 1, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T13:04:30.442563+00:00	Gentoo Importer	Import	https://security.gentoo.org/glsa/201908-10	38.0.0