CVE-2010-3565

19.10.2010, 22:00

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable researcher that this is an integer overflow that triggers memory corruption via large values in a subsample of a JPEG image, related to JPEGImageWriter.writeImage in the imageio API.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	10 UNKNOWN	NETWORK	LOW	AV:N/AC:L/Au:N/C:C/I:C/A:C
oracle	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 91%

Vendor	Product	Version
sun	jre	𝑥 ≤ 1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jdk	𝑥 ≤ 1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	𝑥 ≤ 1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	sdk	𝑥 ≤ 1.4.2_27
sun	sdk	1.4.2
sun	sdk	1.4.2_1:_1
sun	sdk	1.4.2_02:_02
sun	sdk	1.4.2_3:_3
sun	sdk	1.4.2_4:_4
sun	sdk	1.4.2_5:_5
sun	sdk	1.4.2_6:_6
sun	sdk	1.4.2_7:_7
sun	sdk	1.4.2_8:_8
sun	sdk	1.4.2_9:_9
sun	sdk	1.4.2_10:_10
sun	sdk	1.4.2_11:_11
sun	sdk	1.4.2_12:_12
sun	sdk	1.4.2_13:_13
sun	sdk	1.4.2_14:_14
sun	sdk	1.4.2_15:_15
sun	sdk	1.4.2_16:_16
sun	sdk	1.4.2_17:_17
sun	sdk	1.4.2_18:_18
sun	sdk	1.4.2_19:_19
sun	sdk	1.4.2_20:_20
sun	sdk	1.4.2_21:_21
sun	sdk	1.4.2_22:_22
sun	sdk	1.4.2_23:_23
sun	sdk	1.4.2_24:_24
sun	sdk	1.4.2_25:_25
sun	sdk	1.4.2_26:_26
sun	jre	𝑥 ≤ 1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	𝑥 ≤ 1.4.2_27
sun	jre	1.4.2
sun	jre	1.4.2_1:_1
sun	jre	1.4.2_2:_2
sun	jre	1.4.2_3:_3
sun	jre	1.4.2_4:_4
sun	jre	1.4.2_5:_5
sun	jre	1.4.2_6:_6
sun	jre	1.4.2_7:_7
sun	jre	1.4.2_8:_8
sun	jre	1.4.2_9:_9
sun	jre	1.4.2_10:_10
sun	jre	1.4.2_11:_11
sun	jre	1.4.2_12:_12
sun	jre	1.4.2_13:_13
sun	jre	1.4.2_14:_14
sun	jre	1.4.2_15:_15
sun	jre	1.4.2_16:_16
sun	jre	1.4.2_17:_17
sun	jre	1.4.2_18:_18
sun	jre	1.4.2_19:_19
sun	jre	1.4.2_20:_20
sun	jre	1.4.2_21:_21
sun	jre	1.4.2_22:_22
sun	jre	1.4.2_23:_23
sun	jre	1.4.2_24:_24
sun	jre	1.4.2_25:_25
sun	jre	1.4.2_26:_26

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

openjdk-6

maverick	Fixed 6b20-1.9.1-1ubuntu3 released
lucid	Fixed 1.8.2-4ubuntu2 released
karmic	Fixed 1.8.2-4ubuntu1~9.10.1 released
jaunty	Fixed 1.8.2-4ubuntu1~9.04.1 released
hardy	Fixed 1.8.2-4ubuntu1~8.04.1 released
dapper	dne

openjdk-6b18

maverick	Fixed 6b18-1.8.2-4ubuntu1 released
lucid	not-affected
karmic	not-affected
intrepid	dne
hardy	dne
dapper	dne

sun-java6

maverick	Fixed 6.22-0ubuntu1~10.10 released
lucid	Fixed 6.22-0ubuntu1~10.04 released
karmic	Fixed 6.22-0ubuntu1~9.10.1 released
jaunty	Fixed 6.22-0ubuntu1~9.04.1 released
hardy	Fixed 6.22-0ubuntu1~8.04.1 released
dapper	dne