CVE-2008-5358: Improper Restriction of Operations within the Bounds of a Memory Buffer in JDK

Severity: 9.3 CRITICAL (NVD)
EPSS: 26.2% (top 3.69%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Dec 5
Latest update: May 17

Description

Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages (2 packages)

NVD: sun/jdk6+1
NVD: sun/jre6+1

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-92q9-fg9g-832c: Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF fi (2022-05-17)
CVEList: CVE-2008-5358: Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF fi (2008-12-05)

📋 Vendor Advisories (2)

Ubuntu: openjdk-6 vulnerabilities (2009-01-27)
Red Hat: OpenJDK Buffer Overflow in GIF image processing (6766136) (2008-12-04)

💬 Community (2)

Bugzilla: CVE-2008-5358 OpenJDK Buffer Overflow in GIF image processing (6766136) (2008-11-19)
Bugzilla: CVE-2008-0658 openldap: slapd crash on modrdn operation with NOOP control on entry in bdb storage (2008-02-08)
CVE-2008-5358 — SUN JDK vulnerability | cvebase