CVE-2009-3885JRE vulnerability

6 documents6 sources
Severity
5.0MEDIUMNVD
CNA4.3
EPSS
0.9%
top 24.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SUN JRE
Timeline
PublishedNov 9
Latest updateMay 2

Description

Sun Java SE 5.0 before Update 22 and 6 before Update 17 on Windows allows remote attackers to cause a denial of service via a BMP file containing a link to a UNC share pathname for an International Color Consortium (ICC) profile file, probably a related issue to CVE-2007-2789, aka Bug Id 6632445.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDsun/jre1.5.0+5

🔴Vulnerability Details

2
GHSA
GHSA-5gc2-9hrm-h7g7: Sun Java SE 52022-05-02
CVEList
CVE-2009-3885: Sun Java SE 52009-11-09

📋Vendor Advisories

2
Ubuntu
OpenJDK vulnerabilities2009-11-12
Red Hat
OpenJDK BMP parsing DoS with UNC ICC links (6632445)2009-11-03

💬Community

1
Bugzilla
CVE-2009-3885 OpenJDK BMP parsing DoS with UNC ICC links (6632445)2009-10-21
CVE-2009-3885 — SUN JRE vulnerability | cvebase