Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Jdk | Sun | 1.5.0 (including) | 1.5.0 (including) |
Jdk | Sun | 1.5.0-update1 (including) | 1.5.0-update1 (including) |
Jdk | Sun | 1.5.0-update10 (including) | 1.5.0-update10 (including) |
Jdk | Sun | 1.5.0-update2 (including) | 1.5.0-update2 (including) |
Jdk | Sun | 1.5.0-update3 (including) | 1.5.0-update3 (including) |
Jdk | Sun | 1.5.0-update4 (including) | 1.5.0-update4 (including) |
Jdk | Sun | 1.5.0-update5 (including) | 1.5.0-update5 (including) |
Jdk | Sun | 1.5.0-update6 (including) | 1.5.0-update6 (including) |
Jdk | Sun | 1.5.0-update7 (including) | 1.5.0-update7 (including) |
Jdk | Sun | 1.5.0-update8 (including) | 1.5.0-update8 (including) |
Jdk | Sun | 1.5.0-update9 (including) | 1.5.0-update9 (including) |
Jdk | Sun | 1.6.0 (including) | 1.6.0 (including) |