9.3

CVE-2009-1097

Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen, aka CR 6804996; and (2) a crafted GIF image from which unspecified values are used in calculation of offsets, leading to object-pointer corruption, aka CR 6804997.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SunJdk Updateupdate_12 Version <= 1.6.0
SunJdk Version1.6.0
SunJdk Version1.6.0 Updateupdate_10
SunJdk Version1.6.0 Updateupdate_11
SunJdk Version1.6.0 Updateupdate_3
SunJdk Version1.6.0 Updateupdate_4
SunJdk Version1.6.0 Updateupdate_5
SunJdk Version1.6.0 Updateupdate_6
SunJdk Version1.6.0 Updateupdate_7
SunJdk Version1.6.0 Updateupdate1
SunJdk Version1.6.0 Updateupdate1_b06
SunJdk Version1.6.0 Updateupdate2
SunJre Updateupdate_12 Version <= 1.6.0
SunJre Version1.6.0
SunJre Version1.6.0 Updateupdate_1
SunJre Version1.6.0 Updateupdate_10
SunJre Version1.6.0 Updateupdate_11
SunJre Version1.6.0 Updateupdate_2
SunJre Version1.6.0 Updateupdate_3
SunJre Version1.6.0 Updateupdate_4
SunJre Version1.6.0 Updateupdate_5
SunJre Version1.6.0 Updateupdate_6
SunJre Version1.6.0 Updateupdate_7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.09% 0.934
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://secunia.com/advisories/34489
Vendor Advisory
http://secunia.com/advisories/34496
Vendor Advisory
http://secunia.com/advisories/34632
Vendor Advisory
http://secunia.com/advisories/34675
Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm
http://www.debian.org/security/2009/dsa-1769
http://www.mandriva.com/security/advisories?name=MDVSA-2009:137
http://www.mandriva.com/security/advisories?name=MDVSA-2009:162
http://www.redhat.com/support/errata/RHSA-2009-0392.html
http://www.ubuntu.com/usn/usn-748-1
https://rhn.redhat.com/errata/RHSA-2009-0377.html
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2009/3316
Vendor Advisory
http://secunia.com/advisories/37460
Vendor Advisory
http://secunia.com/advisories/37386
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200911-02.xml
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133
http://secunia.com/advisories/35255
Vendor Advisory
http://www.vupen.com/english/advisories/2009/1426
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html
http://marc.info/?l=bugtraq&m=124344236532162&w=2
http://secunia.com/advisories/35156
Vendor Advisory
http://secunia.com/advisories/35223
Vendor Advisory
http://secunia.com/advisories/35776
Vendor Advisory
http://secunia.com/advisories/36185
Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
http://www.redhat.com/support/errata/RHSA-2009-1038.html
http://www.securityfocus.com/bid/34240
https://rhn.redhat.com/errata/RHSA-2009-1198.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=779
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=780
http://sunsolve.sun.com/search/document.do?assetkey=1-26-254571-1
Patch
Vendor Advisory
http://www.securitytracker.com/id?1021913
https://exchange.xforce.ibmcloud.com/vulnerabilities/49475
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11241
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6288