CVE-2009-3874

Publication date 5 November 2009

Last updated 24 July 2024

Ubuntu priority

Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
openjdk-6	10.10 maverick	Not affected
	10.04 LTS lucid	Not affected
	9.10 karmic	Fixed 6b16-1.6.1-3ubuntu1
	9.04 jaunty	Fixed 6b14-1.4.1-0ubuntu12
	8.10 intrepid	Fixed 6b12-0ubuntu6.6
	8.04 LTS hardy	Fixed 6b18-1.8.2-4ubuntu1~8.04.1
	6.06 LTS dapper	Not in release
sun-java5	10.10 maverick	Not in release
	10.04 LTS lucid	Not in release
	9.10 karmic	Not in release
	9.04 jaunty	Ignored end of life
	8.10 intrepid	Ignored end of life, was needs-triage
	8.04 LTS hardy	Not affected
	6.06 LTS dapper	Ignored end of life
sun-java6	10.10 maverick	Not affected
	10.04 LTS lucid	Fixed 6.20dlj-1ubuntu3
	9.10 karmic	Fixed 6.20dlj-0ubuntu1.9.10
	9.04 jaunty	Fixed 6.20dlj-0ubuntu1.9.04
	8.10 intrepid	Ignored end of life, was needs-triage
	8.04 LTS hardy	Fixed 6.20dlj-0ubuntu1.8.04
	6.06 LTS dapper	Not in release

References

Related Ubuntu Security Notices (USN)

USN-859-1
OpenJDK vulnerabilities
12 November 2009

CVE-2009-3874

Status

References

Related Ubuntu Security Notices (USN)

Other references