ID CVE-2009-3874
Summary Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643. Per: http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1 Resolution CR 6854303, 6862970, 6872357, 6872358, and 6862969 are addressed in the following releases: Java SE for Windows, Solaris, and Linux: * JDK and JRE 6 Update 17 or later * JDK and JRE 5.0 Update 22 or later Java SE for Solaris: * SDK and JRE 1.4.2_24 or later Java SE for Windows: * SDK and JRE 1.3.1_27 or later Java SE for Business for Windows, Solaris and Linux: * JDK and JRE 6 Update 17 or later * JDK and JRE 5.0 Update 22 or later * SDK and JRE 1.4.2_24 or later The issues described in CR 6874643 and 6862968 are addressed in the following releases: Java SE for Windows, Solaris, and Linux: * JDK and JRE 6 Update 17 or later * JDK and JRE 5.0 Update 22 or later Java SE for Solaris: * SDK and JRE 1.4.2_24 or later Java SE for Business for Windows, Solaris and Linux: * JDK and JRE 6 Update 17 or later * JDK and JRE 5.0 Update 22 or later * SDK and JRE 1.4.2_24 or later Java SE releases are available at: JDK and JRE 6 Update 17: * http://java.sun.com/javase/downloads/index.jsp JRE 6 Update 17: * http://java.com/ * Through the Java Update tool for Microsoft Windows users JDK 6 Update 17 for Solaris is available in the following patches: * Java SE 6: update 17 (as delivered in patch 125136-18) * Java SE 6: update 17 (as delivered in patch 125137-18 (64bit)) * Java SE 6_x86: update 17 (as delivered in patch 125138-18) * Java SE 6_x86: update 17 (as delivered in patch 125139-18 (64bit)) JDK and JRE 5.0 Update 22: * http://java.sun.com/javase/downloads/index_jdk5.jsp JDK 5.0 Update 22 for Solaris is available in the following patches: * J2SE 5.0: update 22 (as delivered in patch 118666-24) * J2SE 5.0: update 22 (as delivered in patch 118667-24 (64bit)) * J2SE 5.0_x86: update 22 (as delivered in patch 118668-24) * J2SE 5.0_x86: update 22 (as delivered in patch 118669-24 (64bit)) Java SE for Business releases are available at: * http://www.sun.com/software/javaseforbusiness/getit_download.jsp
References
Vulnerable Configurations
  • cpe:2.3:a:sun:jdk:1.5.0:update_1:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update_1:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update_10:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update_10:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update_11:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update_11:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update_12:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update_12:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update_13:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update_13:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update_14:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update_14:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update_15:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update_15:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update_16:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update_16:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update_17:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update_17:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update_18:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update_18:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update_19:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update_19:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update_2:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update_2:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update_20:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update_20:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update_21:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update_21:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update_3:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update_3:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update_4:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update_4:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update_5:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update_5:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update_6:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update_6:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update_7:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update_7:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update_8:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update_8:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update_9:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update_9:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update_1:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update_1:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update_8:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update_8:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update_9:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update_9:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update_1:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update_1:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update_11:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update_11:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update_12:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update_12:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update_13:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update_13:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update_14:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update_14:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update_15:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update_15:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update_16:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update_16:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update_17:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update_17:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update_18:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update_18:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update_19:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update_19:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update_2:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update_2:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update_20:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update_20:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update_21:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update_21:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update_3:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update_3:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update_4:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update_4:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update_5:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update_5:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update_6:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update_6:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update_7:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update_7:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update_8:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update_8:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update_9:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update_9:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_8:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_8:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_9:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_9:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_02:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_02:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_03:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_03:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_04:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_04:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_05:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_05:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_06:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_06:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_07:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_07:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_08:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_08:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_09:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_09:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_19:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_19:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_20:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_20:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_21:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_21:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_22:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_22:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.4.2_01:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.4.2_01:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.4.2_2:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.4.2_2:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.4.2_03:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.4.2_03:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.4.2_04:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.4.2_04:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.4.2_05:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.4.2_05:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.4.2_06:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.4.2_06:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.4.2_07:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.4.2_07:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.4.2_08:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.4.2_08:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.4.2_09:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.4.2_09:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.4.2_19:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.4.2_19:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.4.2_20:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.4.2_20:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.4.2_21:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.4.2_21:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.4.2_22:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.4.2_22:*:*:*:*:*:*:*
  • cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*
    cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.3.1_01:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.3.1_01:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.3.1_1:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.3.1_1:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.3.1_01a:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.3.1_01a:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.3.1_02:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.3.1_02:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.3.1_2:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.3.1_2:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.3.1_03:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.3.1_03:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.3.1_3:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.3.1_3:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.3.1_04:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.3.1_04:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.3.1_4:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.3.1_4:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.3.1_05:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.3.1_05:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.3.1_5:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.3.1_5:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.3.1_06:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.3.1_06:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.3.1_6:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.3.1_6:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.3.1_07:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.3.1_07:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.3.1_7:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.3.1_7:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.3.1_08:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.3.1_08:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.3.1_8:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.3.1_8:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.3.1_09:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.3.1_09:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.3.1_9:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.3.1_9:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.3.1_10:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.3.1_10:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.3.1_11:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.3.1_11:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.3.1_12:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.3.1_12:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.3.1_13:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.3.1_13:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.3.1_14:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.3.1_14:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.3.1_15:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.3.1_15:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.3.1_16:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.3.1_16:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.3.1_17:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.3.1_17:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.3.1_18:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.3.1_18:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.3.1_19:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.3.1_19:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.3.1_20:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.3.1_20:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.3.1_21:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.3.1_21:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.3.1_22:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.3.1_22:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.3.1_23:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.3.1_23:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.3.1_24:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.3.1_24:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.3.1_25:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.3.1_25:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.3.1_02:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.3.1_02:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.3.1_2:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.3.1_2:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.3.1_03:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.3.1_03:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.3.1_3:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.3.1_3:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.3.1_04:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.3.1_04:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.3.1_4:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.3.1_4:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.3.1_05:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.3.1_05:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.3.1_5:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.3.1_5:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.3.1_06:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.3.1_06:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.3.1_6:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.3.1_6:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.3.1_07:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.3.1_07:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.3.1_7:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.3.1_7:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.3.1_08:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.3.1_08:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.3.1_8:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.3.1_8:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.3.1_09:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.3.1_09:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.3.1_9:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.3.1_9:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.3.1_10:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.3.1_10:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.3.1_11:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.3.1_11:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.3.1_12:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.3.1_12:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.3.1_13:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.3.1_13:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.3.1_14:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.3.1_14:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.3.1_15:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.3.1_15:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.3.1_17:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.3.1_17:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.3.1_19:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.3.1_19:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.3.1_20:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.3.1_20:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.3.1_21:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.3.1_21:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.3.1_22:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.3.1_22:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.3.1_23:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.3.1_23:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.3.1_24:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.3.1_24:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:sdk:1.3.1_25:*:*:*:*:*:*:*
    cpe:2.3:a:sun:sdk:1.3.1_25:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:java_se:*:*:business:*:*:*:*:*
    cpe:2.3:a:sun:java_se:*:*:business:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_01:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_01:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 30-10-2018 - 16:25)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
  • accepted 2013-04-29T04:14:43.303-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643.
    family unix
    id oval:org.mitre.oval:def:11566
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643.
    version 18
  • accepted 2015-04-20T04:00:14.659-04:00
    class vulnerability
    contributors
    • name Aslesha Nargolkar
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Prashant Kumar
      organization Hewlett-Packard
    • name Mike Cokus
      organization The MITRE Corporation
    description Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643.
    family unix
    id oval:org.mitre.oval:def:12057
    status accepted
    submitted 2010-10-27T13:02:54.000-05:00
    title HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
    version 48
  • accepted 2014-01-20T04:01:34.727-05:00
    class vulnerability
    contributors
    • name J. Daniel Brown
      organization DTCC
    • name Chris Coffin
      organization The MITRE Corporation
    definition_extensions
    comment VMware ESX Server 4.0 is installed
    oval oval:org.mitre.oval:def:6293
    description Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643.
    family unix
    id oval:org.mitre.oval:def:7442
    status accepted
    submitted 2010-06-01T17:30:00.000-05:00
    title OpenJDK ImageI/O JPEG Heap Overflow Vulnerability
    version 8
  • accepted 2015-04-20T04:02:40.599-04:00
    class vulnerability
    contributors
    • name Pai Peng
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Prashant Kumar
      organization Hewlett-Packard
    • name Mike Cokus
      organization The MITRE Corporation
    description Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643.
    family unix
    id oval:org.mitre.oval:def:8603
    status accepted
    submitted 2010-03-22T17:00:25.000-04:00
    title HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
    version 46
redhat via4
advisories
rhsa
id RHSA-2009:1694
rpms
  • java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4
  • java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5
  • java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4
  • java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5
  • java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4
  • java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5
  • java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4
  • java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5
  • java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4
  • java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5
  • java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4
  • java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5
  • java-1.5.0-sun-0:1.5.0.22-1jpp.1.el4
  • java-1.5.0-sun-0:1.5.0.22-1jpp.1.el5
  • java-1.5.0-sun-demo-0:1.5.0.22-1jpp.1.el4
  • java-1.5.0-sun-demo-0:1.5.0.22-1jpp.1.el5
  • java-1.5.0-sun-devel-0:1.5.0.22-1jpp.1.el4
  • java-1.5.0-sun-devel-0:1.5.0.22-1jpp.1.el5
  • java-1.5.0-sun-jdbc-0:1.5.0.22-1jpp.1.el4
  • java-1.5.0-sun-jdbc-0:1.5.0.22-1jpp.1.el5
  • java-1.5.0-sun-plugin-0:1.5.0.22-1jpp.1.el4
  • java-1.5.0-sun-plugin-0:1.5.0.22-1jpp.1.el5
  • java-1.5.0-sun-src-0:1.5.0.22-1jpp.1.el4
  • java-1.5.0-sun-src-0:1.5.0.22-1jpp.1.el5
  • java-1.6.0-openjdk-1:1.6.0.0-1.7.b09.el5
  • java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.7.b09.el5
  • java-1.6.0-openjdk-demo-1:1.6.0.0-1.7.b09.el5
  • java-1.6.0-openjdk-devel-1:1.6.0.0-1.7.b09.el5
  • java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.7.b09.el5
  • java-1.6.0-openjdk-src-1:1.6.0.0-1.7.b09.el5
  • java-1.4.2-ibm-0:1.4.2.13.3-1jpp.1.el3
  • java-1.4.2-ibm-0:1.4.2.13.3-1jpp.1.el4
  • java-1.4.2-ibm-0:1.4.2.13.3-1jpp.1.el5
  • java-1.4.2-ibm-demo-0:1.4.2.13.3-1jpp.1.el3
  • java-1.4.2-ibm-demo-0:1.4.2.13.3-1jpp.1.el4
  • java-1.4.2-ibm-demo-0:1.4.2.13.3-1jpp.1.el5
  • java-1.4.2-ibm-devel-0:1.4.2.13.3-1jpp.1.el3
  • java-1.4.2-ibm-devel-0:1.4.2.13.3-1jpp.1.el4
  • java-1.4.2-ibm-devel-0:1.4.2.13.3-1jpp.1.el5
  • java-1.4.2-ibm-javacomm-0:1.4.2.13.3-1jpp.1.el4
  • java-1.4.2-ibm-javacomm-0:1.4.2.13.3-1jpp.1.el5
  • java-1.4.2-ibm-jdbc-0:1.4.2.13.3-1jpp.1.el3
  • java-1.4.2-ibm-jdbc-0:1.4.2.13.3-1jpp.1.el4
  • java-1.4.2-ibm-jdbc-0:1.4.2.13.3-1jpp.1.el5
  • java-1.4.2-ibm-plugin-0:1.4.2.13.3-1jpp.1.el3
  • java-1.4.2-ibm-plugin-0:1.4.2.13.3-1jpp.1.el4
  • java-1.4.2-ibm-plugin-0:1.4.2.13.3-1jpp.1.el5
  • java-1.4.2-ibm-src-0:1.4.2.13.3-1jpp.1.el3
  • java-1.4.2-ibm-src-0:1.4.2.13.3-1jpp.1.el4
  • java-1.4.2-ibm-src-0:1.4.2.13.3-1jpp.1.el5
  • java-1.5.0-ibm-1:1.5.0.11-1jpp.1.el4
  • java-1.5.0-ibm-1:1.5.0.11-1jpp.1.el5
  • java-1.5.0-ibm-accessibility-1:1.5.0.11-1jpp.1.el5
  • java-1.5.0-ibm-demo-1:1.5.0.11-1jpp.1.el4
  • java-1.5.0-ibm-demo-1:1.5.0.11-1jpp.1.el5
  • java-1.5.0-ibm-devel-1:1.5.0.11-1jpp.1.el4
  • java-1.5.0-ibm-devel-1:1.5.0.11-1jpp.1.el5
  • java-1.5.0-ibm-javacomm-1:1.5.0.11-1jpp.1.el4
  • java-1.5.0-ibm-javacomm-1:1.5.0.11-1jpp.1.el5
  • java-1.5.0-ibm-jdbc-1:1.5.0.11-1jpp.1.el4
  • java-1.5.0-ibm-jdbc-1:1.5.0.11-1jpp.1.el5
  • java-1.5.0-ibm-plugin-1:1.5.0.11-1jpp.1.el4
  • java-1.5.0-ibm-plugin-1:1.5.0.11-1jpp.1.el5
  • java-1.5.0-ibm-src-1:1.5.0.11-1jpp.1.el4
  • java-1.5.0-ibm-src-1:1.5.0.11-1jpp.1.el5
  • java-1.6.0-ibm-1:1.6.0.7-1jpp.2.el5
  • java-1.6.0-ibm-1:1.6.0.7-1jpp.3.el4
  • java-1.6.0-ibm-accessibility-1:1.6.0.7-1jpp.2.el5
  • java-1.6.0-ibm-demo-1:1.6.0.7-1jpp.2.el5
  • java-1.6.0-ibm-demo-1:1.6.0.7-1jpp.3.el4
  • java-1.6.0-ibm-devel-1:1.6.0.7-1jpp.2.el5
  • java-1.6.0-ibm-devel-1:1.6.0.7-1jpp.3.el4
  • java-1.6.0-ibm-javacomm-1:1.6.0.7-1jpp.2.el5
  • java-1.6.0-ibm-javacomm-1:1.6.0.7-1jpp.3.el4
  • java-1.6.0-ibm-jdbc-1:1.6.0.7-1jpp.2.el5
  • java-1.6.0-ibm-jdbc-1:1.6.0.7-1jpp.3.el4
  • java-1.6.0-ibm-plugin-1:1.6.0.7-1jpp.2.el5
  • java-1.6.0-ibm-plugin-1:1.6.0.7-1jpp.3.el4
  • java-1.6.0-ibm-src-1:1.6.0.7-1jpp.2.el5
  • java-1.6.0-ibm-src-1:1.6.0.7-1jpp.3.el4
  • java-1.6.0-ibm-1:1.6.0.7-1jpp.2.el5
  • java-1.6.0-ibm-1:1.6.0.7-1jpp.3.el4
  • java-1.6.0-ibm-devel-1:1.6.0.7-1jpp.2.el5
  • java-1.6.0-ibm-devel-1:1.6.0.7-1jpp.3.el4
  • java-1.4.2-ibm-0:1.4.2.13.4.sap-1jpp.1.el4_8
  • java-1.4.2-ibm-0:1.4.2.13.4.sap-1jpp.1.el5
  • java-1.4.2-ibm-demo-0:1.4.2.13.4.sap-1jpp.1.el4_8
  • java-1.4.2-ibm-demo-0:1.4.2.13.4.sap-1jpp.1.el5
  • java-1.4.2-ibm-devel-0:1.4.2.13.4.sap-1jpp.1.el4_8
  • java-1.4.2-ibm-devel-0:1.4.2.13.4.sap-1jpp.1.el5
  • java-1.4.2-ibm-javacomm-0:1.4.2.13.4.sap-1jpp.1.el4_8
  • java-1.4.2-ibm-javacomm-0:1.4.2.13.4.sap-1jpp.1.el5
  • java-1.4.2-ibm-src-0:1.4.2.13.4.sap-1jpp.1.el4_8
  • java-1.4.2-ibm-src-0:1.4.2.13.4.sap-1jpp.1.el5
refmap via4
apple
  • APPLE-SA-2009-12-03-1
  • APPLE-SA-2009-12-03-2
bid 36881
confirm
gentoo GLSA-200911-02
hp
  • HPSBMU02703
  • HPSBMU02799
  • HPSBUX02503
  • SSRT100019
  • SSRT100242
mandriva MDVSA-2010:084
misc http://zerodayinitiative.com/advisories/ZDI-09-080/
sectrack 1023132
secunia
  • 37231
  • 37239
  • 37386
  • 37581
  • 37841
sunalert 270474
suse SUSE-SA:2009:058
vupen ADV-2009-3131
saint via4
  • bid 36881
    description Java Runtime Environment HsbParser.getSoundBank Stack Buffer Overflow
    osvdb 59711
    title jre_hsbparser_getsoundbank
    type client
  • bid 36881
    description Java Runtime Environment AWT setDiffICM buffer overflow
    id web_client_jre
    osvdb 59710
    title jre_awt_setdifficm
    type client
Last major update 30-10-2018 - 16:25
Published 05-11-2009 - 16:30
Last modified 30-10-2018 - 16:25
Back to Top