CVE-2009-1098 : Detail

CVE-2009-1098

Overflow
37.82%V3
Network
2009-03-25 22h00 +00:00
2018-10-10 16h57 +00:00

CVE Descriptions

Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998.

CVE Information

Related Weaknesses

CWE-ID Weakness Name Source
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Metrics

Metrics Score Severity CVSS Vector Source
V2 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C [email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0% and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVEs according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVEs. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVEs.

Products Mentioned

Configuration 0

Sun>>Jdk >> Version To (including) 1.5.0

Sun>>Jdk >> Version To (including) 1.6.0

Sun>>Jdk >> Version 1.5.0

Sun>>Jdk >> Version 1.6.0

Sun>>Jre >> Version To (including) 1.5.0

Sun>>Jre >> Version To (including) 1.6.0

Sun>>Jre >> Version 1.5.0

Sun>>Jre >> Version 1.6.0

Configuration 0

Sun>>Jre >> Version To (including) 1.3.1_24

Sun>>Jre >> Version 1.3.1

Sun>>Jre >> Version 1.3.1_01

    Sun>>Jre >> Version 1.3.1_2

    Sun>>Jre >> Version 1.3.1_03

    Sun>>Jre >> Version 1.3.1_04

    Sun>>Jre >> Version 1.3.1_05

    Sun>>Jre >> Version 1.3.1_06

    Sun>>Jre >> Version 1.3.1_07

    Sun>>Jre >> Version 1.3.1_08

    Sun>>Jre >> Version 1.3.1_09

    Sun>>Jre >> Version 1.3.1_10

    Sun>>Jre >> Version 1.3.1_11

    Sun>>Jre >> Version 1.3.1_12

    Sun>>Jre >> Version 1.3.1_13

    Sun>>Jre >> Version 1.3.1_14

    Sun>>Jre >> Version 1.3.1_15

    Sun>>Jre >> Version 1.3.1_16

    Sun>>Jre >> Version 1.3.1_17

    Sun>>Jre >> Version 1.3.1_18

    Sun>>Jre >> Version 1.3.1_19

    Sun>>Jre >> Version 1.3.1_20

    Sun>>Jre >> Version 1.3.1_21

    Sun>>Jre >> Version 1.3.1_22

    Sun>>Jre >> Version 1.3.1_23

    Sun>>Sdk >> Version To (including) 1.3.1_24

    Sun>>Sdk >> Version 1.3.1

    Sun>>Sdk >> Version 1.3.1_01

    Sun>>Sdk >> Version 1.3.1_01a

    Sun>>Sdk >> Version 1.3.1_02

    Sun>>Sdk >> Version 1.3.1_03

    Sun>>Sdk >> Version 1.3.1_04

    Sun>>Sdk >> Version 1.3.1_05

    Sun>>Sdk >> Version 1.3.1_06

    Sun>>Sdk >> Version 1.3.1_07

    Sun>>Sdk >> Version 1.3.1_08

    Sun>>Sdk >> Version 1.3.1_09

    Sun>>Sdk >> Version 1.3.1_10

    Sun>>Sdk >> Version 1.3.1_11

    Sun>>Sdk >> Version 1.3.1_12

    Sun>>Sdk >> Version 1.3.1_13

    Sun>>Sdk >> Version 1.3.1_14

    Sun>>Sdk >> Version 1.3.1_15

    Sun>>Sdk >> Version 1.3.1_16

    Sun>>Sdk >> Version 1.3.1_17

    Sun>>Sdk >> Version 1.3.1_18

    Sun>>Sdk >> Version 1.3.1_19

    Sun>>Sdk >> Version 1.3.1_20

    Sun>>Sdk >> Version 1.3.1_21

    Sun>>Sdk >> Version 1.3.1_22

    Sun>>Sdk >> Version 1.3.1_23

    Configuration 0

    Sun>>Jre >> Version To (including) 1.4.2_19

    Sun>>Jre >> Version 1.4.2

    Sun>>Jre >> Version 1.4.2_1

    Sun>>Jre >> Version 1.4.2_2

    Sun>>Jre >> Version 1.4.2_3

    Sun>>Jre >> Version 1.4.2_4

    Sun>>Jre >> Version 1.4.2_5

    Sun>>Jre >> Version 1.4.2_6

    Sun>>Jre >> Version 1.4.2_7

    Sun>>Jre >> Version 1.4.2_8

    Sun>>Jre >> Version 1.4.2_9

    Sun>>Jre >> Version 1.4.2_10

    Sun>>Jre >> Version 1.4.2_11

    Sun>>Jre >> Version 1.4.2_12

    Sun>>Jre >> Version 1.4.2_13

    Sun>>Jre >> Version 1.4.2_14

    Sun>>Jre >> Version 1.4.2_15

    Sun>>Jre >> Version 1.4.2_16

    Sun>>Jre >> Version 1.4.2_17

    Sun>>Jre >> Version 1.4.2_18

    Sun>>Sdk >> Version To (including) 1.4.2_19

    Sun>>Sdk >> Version 1.4.2

    Sun>>Sdk >> Version 1.4.2_1

    Sun>>Sdk >> Version 1.4.2_2

    Sun>>Sdk >> Version 1.4.2_02

    Sun>>Sdk >> Version 1.4.2_03

    Sun>>Sdk >> Version 1.4.2_3

    Sun>>Sdk >> Version 1.4.2_04

    Sun>>Sdk >> Version 1.4.2_4

    Sun>>Sdk >> Version 1.4.2_5

    Sun>>Sdk >> Version 1.4.2_6

    Sun>>Sdk >> Version 1.4.2_7

    Sun>>Sdk >> Version 1.4.2_08

    Sun>>Sdk >> Version 1.4.2_09

    Sun>>Sdk >> Version 1.4.2_10

    Sun>>Sdk >> Version 1.4.2_11

    Sun>>Sdk >> Version 1.4.2_12

    Sun>>Sdk >> Version 1.4.2_13

    Sun>>Sdk >> Version 1.4.2_14

    Sun>>Sdk >> Version 1.4.2_15

    Sun>>Sdk >> Version 1.4.2_16

    Sun>>Sdk >> Version 1.4.2_17

    Sun>>Sdk >> Version 1.4.2_18

    References

    http://www.mandriva.com/security/advisories?name=MDVSA-2009:137
    Tags : vendor-advisory, x_refsource_MANDRIVA
    http://secunia.com/advisories/34632
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/35156
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/34675
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/35776
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://www.securitytracker.com/id?1021913
    Tags : vdb-entry, x_refsource_SECTRACK
    http://secunia.com/advisories/37460
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/34489
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://security.gentoo.org/glsa/glsa-200911-02.xml
    Tags : vendor-advisory, x_refsource_GENTOO
    http://www.redhat.com/support/errata/RHSA-2009-1038.html
    Tags : vendor-advisory, x_refsource_REDHAT
    https://rhn.redhat.com/errata/RHSA-2009-1198.html
    Tags : vendor-advisory, x_refsource_REDHAT
    http://marc.info/?l=bugtraq&m=124344236532162&w=2
    Tags : vendor-advisory, x_refsource_HP
    http://www.redhat.com/support/errata/RHSA-2009-0394.html
    Tags : vendor-advisory, x_refsource_REDHAT
    http://sunsolve.sun.com/search/document.do?assetkey=1-26-254571-1
    Tags : vendor-advisory, x_refsource_SUNALERT
    http://secunia.com/advisories/34495
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/36185
    Tags : third-party-advisory, x_refsource_SECUNIA
    https://rhn.redhat.com/errata/RHSA-2009-0377.html
    Tags : vendor-advisory, x_refsource_REDHAT
    http://secunia.com/advisories/35255
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2009/1426
    Tags : vdb-entry, x_refsource_VUPEN
    http://www.mandriva.com/security/advisories?name=MDVSA-2009:162
    Tags : vendor-advisory, x_refsource_MANDRIVA
    http://www.redhat.com/support/errata/RHSA-2009-0392.html
    Tags : vendor-advisory, x_refsource_REDHAT
    http://secunia.com/advisories/35223
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://www.securityfocus.com/bid/34240
    Tags : vdb-entry, x_refsource_BID
    http://secunia.com/advisories/34496
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://www.ubuntu.com/usn/usn-748-1
    Tags : vendor-advisory, x_refsource_UBUNTU
    http://www.debian.org/security/2009/dsa-1769
    Tags : vendor-advisory, x_refsource_DEBIAN
    http://secunia.com/advisories/35416
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/37386
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2009/3316
    Tags : vdb-entry, x_refsource_VUPEN