CVE-2009-2674 — Integer Overflow or Wraparound in Oracle BEA Product Suite

CWE-264 CWE-190 — Integer Overflow or Wraparound9 documents6 sources

Severity

10.0CRITICALNVD

NVD7.5CNA7.5CNA5.0

EPSS

4.0%

top 11.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle BEA Product Suite SUN JDK SUN JRE

Timeline

PublishedAug 5

Latest updateMay 2

Description

Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code via a crafted JPEG image that is not properly handled during display to a splash screen, which triggers a heap-based buffer overflow.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶NVDsun/jdk1.6.0, 6+1

▶NVDsun/jre6

▶NVDoracle/bea_product_suiter27.6.4

Patches

Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

GHSA-9r76-mhm8-f3q4: Unspecified vulnerability in the JRockit component in BEA Product Suite R27↗2022-05-02

▶

GHSA

GHSA-3fh4-76x3-9pjc: Integer overflow in javaws↗2022-05-02

▶

CVEList

CVE-2009-3403: Unspecified vulnerability in the JRockit component in BEA Product Suite R27↗2009-10-22

▶

CVEList

CVE-2009-2674: Integer overflow in javaws↗2009-08-05

▶

📋Vendor Advisories

Ubuntu

OpenJDK vulnerabilities↗2009-08-11

▶

Red Hat

Java Web Start Buffer JPEG processing integer overflow (6823373)↗2009-08-05

▶

💬Community

Bugzilla

CVE-2009-2674 Java Web Start Buffer JPEG processing integer overflow (6823373)↗2009-07-21

▶