DescriptionInteger overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
- SUSE-SA:2007:045, published Wed, 18 Jul 2007 18:00:00 +0000
- SUSE-SA:2007:056, published Thu, 18 Oct 2007 18:00:00 +0000
List of released packages
|Product(s)||Fixed package version(s)||References|
|SUSE Linux Enterprise Server 11 SP1|| |
|SUSE Linux Enterprise Server 11 SP2|| |