CVE-2008-5357

Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file, which triggers a heap-based buffer overflow.

Affected Software

Name	Vendor	Start Version	End Version
Jre	Sun	1.3.1 (including)	1.3.1 (including)
Jre	Sun	1.3.1_2 (including)	1.3.1_2 (including)
Jre	Sun	1.3.1_03 (including)	1.3.1_03 (including)
Jre	Sun	1.3.1_04 (including)	1.3.1_04 (including)
Jre	Sun	1.3.1_05 (including)	1.3.1_05 (including)
Jre	Sun	1.3.1_06 (including)	1.3.1_06 (including)
Jre	Sun	1.3.1_07 (including)	1.3.1_07 (including)
Jre	Sun	1.3.1_08 (including)	1.3.1_08 (including)
Jre	Sun	1.3.1_09 (including)	1.3.1_09 (including)
Jre	Sun	1.3.1_10 (including)	1.3.1_10 (including)
Jre	Sun	1.3.1_11 (including)	1.3.1_11 (including)
Jre	Sun	1.3.1_12 (including)	1.3.1_12 (including)
Jre	Sun	1.3.1_13 (including)	1.3.1_13 (including)
Jre	Sun	1.3.1_14 (including)	1.3.1_14 (including)
Jre	Sun	1.3.1_15 (including)	1.3.1_15 (including)
Jre	Sun	1.3.1_16 (including)	1.3.1_16 (including)
Jre	Sun	1.3.1_17 (including)	1.3.1_17 (including)
Jre	Sun	1.3.1_18 (including)	1.3.1_18 (including)
Jre	Sun	1.3.1_19 (including)	1.3.1_19 (including)
Jre	Sun	1.3.1_20 (including)	1.3.1_20 (including)
Jre	Sun	1.3.1_21 (including)	1.3.1_21 (including)
Jre	Sun	1.3.1_22 (including)	1.3.1_22 (including)
Jre	Sun	1.3.1_23 (including)	1.3.1_23 (including)
Jre	Sun	1.4.2 (including)	1.4.2 (including)
Jre	Sun	1.4.2_1 (including)	1.4.2_1 (including)
Jre	Sun	1.4.2_2 (including)	1.4.2_2 (including)
Jre	Sun	1.4.2_3 (including)	1.4.2_3 (including)
Jre	Sun	1.4.2_4 (including)	1.4.2_4 (including)
Jre	Sun	1.4.2_5 (including)	1.4.2_5 (including)
Jre	Sun	1.4.2_6 (including)	1.4.2_6 (including)
Jre	Sun	1.4.2_7 (including)	1.4.2_7 (including)
Jre	Sun	1.4.2_8 (including)	1.4.2_8 (including)
Jre	Sun	1.4.2_9 (including)	1.4.2_9 (including)
Jre	Sun	1.4.2_10 (including)	1.4.2_10 (including)
Jre	Sun	1.4.2_11 (including)	1.4.2_11 (including)
Jre	Sun	1.4.2_12 (including)	1.4.2_12 (including)
Jre	Sun	1.4.2_13 (including)	1.4.2_13 (including)
Jre	Sun	1.4.2_14 (including)	1.4.2_14 (including)
Jre	Sun	1.4.2_15 (including)	1.4.2_15 (including)
Jre	Sun	1.4.2_16 (including)	1.4.2_16 (including)
Jre	Sun	1.4.2_17 (including)	1.4.2_17 (including)
Jre	Sun	1.4.2_18 (including)	1.4.2_18 (including)
Jre	Sun	1.5.0 (including)	1.5.0 (including)
Jre	Sun	1.5.0-update1 (including)	1.5.0-update1 (including)
Jre	Sun	1.5.0-update10 (including)	1.5.0-update10 (including)
Jre	Sun	1.5.0-update11 (including)	1.5.0-update11 (including)
Jre	Sun	1.5.0-update12 (including)	1.5.0-update12 (including)
Jre	Sun	1.5.0-update13 (including)	1.5.0-update13 (including)
Jre	Sun	1.5.0-update14 (including)	1.5.0-update14 (including)
Jre	Sun	1.5.0-update15 (including)	1.5.0-update15 (including)
Jre	Sun	1.5.0-update16 (including)	1.5.0-update16 (including)
Jre	Sun	1.5.0-update2 (including)	1.5.0-update2 (including)
Jre	Sun	1.6.0 (including)	1.6.0 (including)
Jre	Sun	1.6.0-update_1 (including)	1.6.0-update_1 (including)
Jre	Sun	1.6.0-update_10 (including)	1.6.0-update_10 (including)
Jre	Sun	1.6.0-update_2 (including)	1.6.0-update_2 (including)
Jre	Sun	1.6.0-update_3 (including)	1.6.0-update_3 (including)
Jre	Sun	1.6.0-update_4 (including)	1.6.0-update_4 (including)
Jre	Sun	1.6.0-update_5 (including)	1.6.0-update_5 (including)
Jre	Sun	1.6.0-update_6 (including)	1.6.0-update_6 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-5357
CWE	https://cwe.mitre.org/data/definitions/189.html

Affected Software

References