CVE-2010-3566

EUVD-2010-3562
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable researcher that this is an integer overflow that leads to a buffer overflow via a crafted devs (device information) tag structure in a color profile.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
Affected Products (NVD)
VendorProductVersion
sunjre
𝑥
≤ 1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjdk
𝑥
≤ 1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
𝑥
≤ 1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjre
𝑥
≤ 1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openjdk-6
dapper
dne
hardy
Fixed 1.8.2-4ubuntu1~8.04.1
released
jaunty
Fixed 1.8.2-4ubuntu1~9.04.1
released
karmic
Fixed 1.8.2-4ubuntu1~9.10.1
released
lucid
Fixed 1.8.2-4ubuntu2
released
maverick
Fixed 6b20-1.9.1-1ubuntu3
released
openjdk-6b18
dapper
dne
hardy
dne
intrepid
dne
karmic
not-affected
lucid
not-affected
maverick
Fixed 6b18-1.8.2-4ubuntu1
released
sun-java6
dapper
dne
hardy
Fixed 6.22-0ubuntu1~8.04.1
released
jaunty
Fixed 6.22-0ubuntu1~9.04.1
released
karmic
Fixed 6.22-0ubuntu1~9.10.1
released
lucid
Fixed 6.22-0ubuntu1~10.04
released
maverick
Fixed 6.22-0ubuntu1~10.10
released
References
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
http://marc.info/?l=bugtraq&m=134254866602253&w=2
http://secunia.com/advisories/41967
http://secunia.com/advisories/41972
http://secunia.com/advisories/42377
http://secunia.com/advisories/42974
http://secunia.com/advisories/44954
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://support.avaya.com/css/P8/documents/100114315
http://support.avaya.com/css/P8/documents/100123193
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
http://www.redhat.com/support/errata/RHSA-2010-0770.html
http://www.redhat.com/support/errata/RHSA-2010-0807.html
http://www.redhat.com/support/errata/RHSA-2010-0873.html
http://www.redhat.com/support/errata/RHSA-2010-0987.html
http://www.redhat.com/support/errata/RHSA-2011-0880.html
http://www.securityfocus.com/archive/1/516397/100/0/threaded
http://www.securityfocus.com/bid/43988
http://www.ubuntu.com/usn/USN-1010-1
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vupen.com/english/advisories/2010/3086
http://www.zerodayinitiative.com/advisories/ZDI-10-204/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11560
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12225
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
http://marc.info/?l=bugtraq&m=134254866602253&w=2
http://secunia.com/advisories/41967
http://secunia.com/advisories/41972
http://secunia.com/advisories/42377
http://secunia.com/advisories/42974
http://secunia.com/advisories/44954
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://support.avaya.com/css/P8/documents/100114315
http://support.avaya.com/css/P8/documents/100123193
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
http://www.redhat.com/support/errata/RHSA-2010-0770.html
http://www.redhat.com/support/errata/RHSA-2010-0807.html
http://www.redhat.com/support/errata/RHSA-2010-0873.html
http://www.redhat.com/support/errata/RHSA-2010-0987.html
http://www.redhat.com/support/errata/RHSA-2011-0880.html
http://www.securityfocus.com/archive/1/516397/100/0/threaded
http://www.securityfocus.com/bid/43988
http://www.ubuntu.com/usn/USN-1010-1
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vupen.com/english/advisories/2010/3086
http://www.zerodayinitiative.com/advisories/ZDI-10-204/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11560
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12225