CVE-2010-0841

01.04.2010, 16:30

Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the March 2010 CPU.  Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the Java Runtime Environment that allows remote attackers to execute arbitrary code via a JPEG image that contains subsample dimensions with large values, related to JPEGImageReader and "stepX".

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	7.5 UNKNOWN	NETWORK	LOW	AV:N/AC:L/Au:N/C:P/I:P/A:P
oracle	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 92%

Vendor	Product	Version
sun	jre	𝑥 ≤ 1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jdk	𝑥 ≤ 1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	𝑥 ≤ 1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	sdk	𝑥 ≤ 1.4.2_25
sun	sdk	1.4.2
sun	sdk	1.4.2_1:_1
sun	sdk	1.4.2_02:_02
sun	sdk	1.4.2_3:_3
sun	sdk	1.4.2_4:_4
sun	sdk	1.4.2_5:_5
sun	sdk	1.4.2_6:_6
sun	sdk	1.4.2_7:_7
sun	sdk	1.4.2_8:_8
sun	sdk	1.4.2_9:_9
sun	sdk	1.4.2_10:_10
sun	sdk	1.4.2_11:_11
sun	sdk	1.4.2_12:_12
sun	sdk	1.4.2_13:_13
sun	sdk	1.4.2_14:_14
sun	sdk	1.4.2_15:_15
sun	sdk	1.4.2_16:_16
sun	sdk	1.4.2_17:_17
sun	sdk	1.4.2_18:_18
sun	sdk	1.4.2_19:_19
sun	sdk	1.4.2_20:_20
sun	sdk	1.4.2_21:_21
sun	sdk	1.4.2_22:_22
sun	sdk	1.4.2_23:_23
sun	sdk	1.4.2_24:_24
sun	jre	𝑥 ≤ 1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	𝑥 ≤ 1.4.2_25
sun	jre	1.4.2
sun	jre	1.4.2_1:_1
sun	jre	1.4.2_2:_2
sun	jre	1.4.2_3:_3
sun	jre	1.4.2_4:_4
sun	jre	1.4.2_5:_5
sun	jre	1.4.2_6:_6
sun	jre	1.4.2_7:_7
sun	jre	1.4.2_8:_8
sun	jre	1.4.2_9:_9
sun	jre	1.4.2_10:_10
sun	jre	1.4.2_11:_11
sun	jre	1.4.2_12:_12
sun	jre	1.4.2_13:_13
sun	jre	1.4.2_14:_14
sun	jre	1.4.2_15:_15
sun	jre	1.4.2_16:_16
sun	jre	1.4.2_17:_17
sun	jre	1.4.2_18:_18
sun	jre	1.4.2_19:_19
sun	jre	1.4.2_20:_20
sun	jre	1.4.2_21:_21
sun	jre	1.4.2_22:_22
sun	jre	1.4.2_23:_23
sun	jre	1.4.2_24:_24

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

openjdk-6

natty	not-affected
maverick	not-affected
lucid	not-affected
karmic	not-affected
jaunty	not-affected
intrepid	ignored
hardy	not-affected
dapper	dne

sun-java5

natty	dne
maverick	dne
lucid	dne
karmic	dne
jaunty	ignored
intrepid	ignored
hardy	ignored
dapper	ignored

sun-java6

natty	not-affected
maverick	not-affected
lucid	not-affected
karmic	Fixed 6.20dlj-0ubuntu1.9.10 released
jaunty	Fixed 6.20dlj-0ubuntu1.9.04 released
intrepid	ignored
hardy	Fixed 6.20dlj-0ubuntu1.8.04 released
dapper	dne