CVE-2010-3566

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable researcher that this is an integer overflow that leads to a buffer overflow via a crafted devs (device information) tag structure in a color profile.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
oracleCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
VendorProductVersion
sunjre
𝑥
≤ 1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjdk
𝑥
≤ 1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
𝑥
≤ 1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjre
𝑥
≤ 1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openjdk-6
maverick
Fixed 6b20-1.9.1-1ubuntu3
released
lucid
Fixed 1.8.2-4ubuntu2
released
karmic
Fixed 1.8.2-4ubuntu1~9.10.1
released
jaunty
Fixed 1.8.2-4ubuntu1~9.04.1
released
hardy
Fixed 1.8.2-4ubuntu1~8.04.1
released
dapper
dne
openjdk-6b18
maverick
Fixed 6b18-1.8.2-4ubuntu1
released
lucid
not-affected
karmic
not-affected
intrepid
dne
hardy
dne
dapper
dne
sun-java6
maverick
Fixed 6.22-0ubuntu1~10.10
released
lucid
Fixed 6.22-0ubuntu1~10.04
released
karmic
Fixed 6.22-0ubuntu1~9.10.1
released
jaunty
Fixed 6.22-0ubuntu1~9.04.1
released
hardy
Fixed 6.22-0ubuntu1~8.04.1
released
dapper
dne
References
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
http://marc.info/?l=bugtraq&m=134254866602253&w=2
http://secunia.com/advisories/41967
http://secunia.com/advisories/41972
http://secunia.com/advisories/42377
http://secunia.com/advisories/42974
http://secunia.com/advisories/44954
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://support.avaya.com/css/P8/documents/100114315
http://support.avaya.com/css/P8/documents/100123193
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
http://www.redhat.com/support/errata/RHSA-2010-0770.html
http://www.redhat.com/support/errata/RHSA-2010-0807.html
http://www.redhat.com/support/errata/RHSA-2010-0873.html
http://www.redhat.com/support/errata/RHSA-2010-0987.html
http://www.redhat.com/support/errata/RHSA-2011-0880.html
http://www.securityfocus.com/archive/1/516397/100/0/threaded
http://www.securityfocus.com/bid/43988
http://www.ubuntu.com/usn/USN-1010-1
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vupen.com/english/advisories/2010/3086
http://www.zerodayinitiative.com/advisories/ZDI-10-204/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11560
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12225
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
http://marc.info/?l=bugtraq&m=134254866602253&w=2
http://secunia.com/advisories/41967
http://secunia.com/advisories/41972
http://secunia.com/advisories/42377
http://secunia.com/advisories/42974
http://secunia.com/advisories/44954
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://support.avaya.com/css/P8/documents/100114315
http://support.avaya.com/css/P8/documents/100123193
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
http://www.redhat.com/support/errata/RHSA-2010-0770.html
http://www.redhat.com/support/errata/RHSA-2010-0807.html
http://www.redhat.com/support/errata/RHSA-2010-0873.html
http://www.redhat.com/support/errata/RHSA-2010-0987.html
http://www.redhat.com/support/errata/RHSA-2011-0880.html
http://www.securityfocus.com/archive/1/516397/100/0/threaded
http://www.securityfocus.com/bid/43988
http://www.ubuntu.com/usn/USN-1010-1
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vupen.com/english/advisories/2010/3086
http://www.zerodayinitiative.com/advisories/ZDI-10-204/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11560
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12225