Description: Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.
CVSS vector: AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0
Affected Packages: 2 packages
Vulnerability Details (2)
GHSA | GHSA-86hj-mfgv-6432: Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5 | 2022-05-02
CVEList | CVE-2009-1095: Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5 | 2009-03-25
Vendor Advisories (2)
Ubuntu | OpenJDK vulnerabilities | 2009-03-26
Red Hat | OpenJDK Pack200 Buffer overflow vulnerability (6792554) | 2009-03-25
Community (9)
Bugzilla | CVE-2009-1833 Firefox JavaScript engine crashes | 2009-06-01
Bugzilla | CVE-2009-1832 Firefox double frame construction flaw | 2009-06-01
Bugzilla | CVE-2009-1839 Firefox information disclosure flaw | 2009-06-01
Bugzilla | CVE-2009-1838 Firefox arbitrary code execution flaw | 2009-06-01
Bugzilla | CVE-2009-1835 Firefox Arbitrary domain cookie access by local file: resources | 2009-06-01