9.3

CVE-2008-5356

Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file.

Data is provided by the National Vulnerability Database (NVD)
SunJdk Updateupdate_16 Version <= 5.0
SunJdk Updateupdate_10 Version <= 6
SunJdk Version5.0 Updateupdate_1
SunJdk Version5.0 Updateupdate_10
SunJdk Version5.0 Updateupdate_11
SunJdk Version5.0 Updateupdate_12
SunJdk Version5.0 Updateupdate_13
SunJdk Version5.0 Updateupdate_14
SunJdk Version5.0 Updateupdate_15
SunJdk Version5.0 Updateupdate_2
SunJdk Version5.0 Updateupdate_3
SunJdk Version5.0 Updateupdate_4
SunJdk Version5.0 Updateupdate_5
SunJdk Version5.0 Updateupdate_6
SunJdk Version5.0 Updateupdate_7
SunJdk Version5.0 Updateupdate_8
SunJdk Version5.0 Updateupdate_9
SunJdk Version6
SunJdk Version6 Updateupdate_1
SunJdk Version6 Updateupdate_2
SunJdk Version6 Updateupdate_3
SunJdk Version6 Updateupdate_4
SunJdk Version6 Updateupdate_5
SunJdk Version6 Updateupdate_6
SunJdk Version6 Updateupdate_7
SunJdk Version6 Updateupdate_8
SunJdk Version6 Updateupdate_9
SunJre Version <= 1.4.2_18
SunJre Updateupdate_16 Version <= 5.0
SunJre Updateupdate_10 Version <= 6
SunJre Version1.4.2_1
SunJre Version1.4.2_2
SunJre Version1.4.2_3
SunJre Version1.4.2_4
SunJre Version1.4.2_5
SunJre Version1.4.2_6
SunJre Version1.4.2_7
SunJre Version1.4.2_8
SunJre Version1.4.2_9
SunJre Version1.4.2_10
SunJre Version1.4.2_11
SunJre Version1.4.2_12
SunJre Version1.4.2_13
SunJre Version1.4.2_14
SunJre Version1.4.2_15
SunJre Version1.4.2_16
SunJre Version1.4.2_17
SunJre Version5.0
SunJre Version5.0 Updateupdate_1
SunJre Version5.0 Updateupdate_10
SunJre Version5.0 Updateupdate_11
SunJre Version5.0 Updateupdate_12
SunJre Version5.0 Updateupdate_13
SunJre Version5.0 Updateupdate_14
SunJre Version5.0 Updateupdate_15
SunJre Version5.0 Updateupdate_2
SunJre Version5.0 Updateupdate_3
SunJre Version5.0 Updateupdate_4
SunJre Version5.0 Updateupdate_5
SunJre Version5.0 Updateupdate_6
SunJre Version5.0 Updateupdate_7
SunJre Version5.0 Updateupdate_8
SunJre Version5.0 Updateupdate_9
SunJre Version6
SunJre Version6 Updateupdate_1
SunJre Version6 Updateupdate_2
SunJre Version6 Updateupdate_3
SunJre Version6 Updateupdate_4
SunJre Version6 Updateupdate_5
SunJre Version6 Updateupdate_6
SunJre Version6 Updateupdate_7
SunJre Version6 Updateupdate_8
SunJre Version6 Updateupdate_9
SunSdk Version <= 1.4.2_18
SunSdk Version1.4.2_1
SunSdk Version1.4.2_2
SunSdk Version1.4.2_3
SunSdk Version1.4.2_4
SunSdk Version1.4.2_5
SunSdk Version1.4.2_6
SunSdk Version1.4.2_7
SunSdk Version1.4.2_8
SunSdk Version1.4.2_9
SunSdk Version1.4.2_10
SunSdk Version1.4.2_11
SunSdk Version1.4.2_12
SunSdk Version1.4.2_13
SunSdk Version1.4.2_14
SunSdk Version1.4.2_15
SunSdk Version1.4.2_16
SunSdk Version1.4.2_17
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 7.68% 0.915
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.