EIP-2026-102331

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102331. PoCs published by Google Security Research.

AI-analyzed exploit summary This report details a heap-based out-of-bounds read vulnerability in Oracle Java Runtime Environment 8u202, triggered during TrueType font processing in the `AlternateSubstitutionSubtable::process` function. The crash occurs due to invalid memory access, with technical analysis including stack traces and register states from both Linux and Windows environments.

Description

Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in AlternateSubstitutionSubtable::process

Exploits (1)

exploitdb WRITEUP VERIFIED

by Google Security Research · textdosjava

https://www.exploit-db.com/exploits/46412

View Code ZIP pw:eip

This report details a heap-based out-of-bounds read vulnerability in Oracle Java Runtime Environment 8u202, triggered during TrueType font processing in the `AlternateSubstitutionSubtable::process` function. The crash occurs due to invalid memory access, with technical analysis including stack traces and register states from both Linux and Windows environments.

Classification

Writeup 90%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Oracle Java Runtime Environment 8u202

No auth needed

Prerequisites: A maliciously crafted TrueType font file

MITRE ATT&CK

T1499.004 - Application or System Exploitation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in AlternateSubstitutionSubtable::process

Exploitation Summary

Description

Exploits (1)

Details