9.3
CVE-2009-1098
- EPSS 6.79%
- Veröffentlicht 25.03.2009 23:30:00
- Zuletzt bearbeitet 16.06.2026 23:06:30
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 6.79% | 0.932 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://secunia.com/advisories/34489
http://secunia.com/advisories/34495
http://secunia.com/advisories/34496
http://secunia.com/advisories/34632
http://secunia.com/advisories/34675
http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm
http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm
http://www.debian.org/security/2009/dsa-1769
http://www.mandriva.com/security/advisories?name=MDVSA-2009:137
http://www.mandriva.com/security/advisories?name=MDVSA-2009:162
http://www.redhat.com/support/errata/RHSA-2009-0392.html
http://www.redhat.com/support/errata/RHSA-2009-0394.html
http://www.ubuntu.com/usn/usn-748-1
https://rhn.redhat.com/errata/RHSA-2009-0377.html
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2009/3316
http://secunia.com/advisories/37460
http://secunia.com/advisories/37386
http://security.gentoo.org/glsa/glsa-200911-02.xml
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
http://secunia.com/advisories/35416
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133
http://secunia.com/advisories/35255
http://www.vupen.com/english/advisories/2009/1426
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html
http://marc.info/?l=bugtraq&m=124344236532162&w=2
http://secunia.com/advisories/35156
http://secunia.com/advisories/35223
http://secunia.com/advisories/35776
http://secunia.com/advisories/36185
http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
http://www.redhat.com/support/errata/RHSA-2009-1038.html
http://www.securityfocus.com/bid/34240
https://rhn.redhat.com/errata/RHSA-2009-1198.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-254571-1
http://www.securitytracker.com/id?1021913
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6008
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9956