Vulnerability Database

CVE-2009-1097

Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen, aka CR 6804996; and (2) a crafted GIF image from which unspecified values are used in calculation of offsets, leading to object-pointer corruption, aka CR 6804997.

  • Published: Mar 26, 2009
  • Updated: Apr 13, 2023
  • CVE: CVE-2009-1097
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 9.3
  • AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

| Software | From | Fixed in |
|---|---|---|
| sun / jdk | 1.6.0-update_4 | 1.6.0-update_4.x |
| sun / jre | 1.6.0-update_3 | 1.6.0-update_3.x |
| sun / jre | 1.6.0-update_5 | 1.6.0-update_5.x |
| sun / jdk | 1.6.0-update_7 | 1.6.0-update_7.x |
| sun / jre | 1.6.0-update_1 | 1.6.0-update_1.x |
| sun / jre | 1.6.0-update_2 | 1.6.0-update_2.x |
| sun / jdk | 1.6.0-update_3 | 1.6.0-update_3.x |
| sun / jdk | 1.6.0-update_11 | 1.6.0-update_11.x |
| sun / jdk | 1.6.0-update_10 | 1.6.0-update_10.x |
| sun / jre | 1.6.0-update_6 | 1.6.0-update_6.x |
| sun / jdk | 1.6.0 | 1.6.0.x |
| sun / jre | 1.6.0 | 1.6.0.x |
| sun / jdk | 1.6.0-update_5 | 1.6.0-update_5.x |
| sun / jdk | 1.6.0-update2 | 1.6.0-update2.x |
| sun / jre | 1.6.0-update_10 | 1.6.0-update_10.x |
| sun / jdk | - | 1.6.0.x |
| sun / jdk | 1.6.0-update1_b06 | 1.6.0-update1_b06.x |
| sun / jdk | 1.6.0-update1 | 1.6.0-update1.x |
| sun / jre | - | 1.6.0.x |
| sun / jre | 1.6.0-update_7 | 1.6.0-update_7.x |
| sun / jre | 1.6.0-update_4 | 1.6.0-update_4.x |
| sun / jdk | 1.6.0-update_6 | 1.6.0-update_6.x |
| sun / jre | 1.6.0-update_11 | 1.6.0-update_11.x |