Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2009-1099
HistoryMar 25, 2009 - 12:00 a.m.

CVE-2009-1099

2009-03-2500:00:00
ubuntu.com
ubuntu.com
10

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.668 Medium

EPSS

Percentile

97.9%

JSON

Integer signedness error in Java SE Development Kit (JDK) and Java Runtime
Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier,
allows remote attackers to access files or execute arbitrary code via
crafted glyph descriptions in a Type1 font, which bypasses a signed
comparison and triggers a buffer overflow.

Notes

Author Note
kees RedHat lists this as “OpenJDK: Type1 font processing buffer overflow vulnerability” and bug 492302. Sun’s bug seems to be 6804999, from http://sunsolve.sun.com/search/document.do?assetkey=1-26-254571-1
OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchsun-java6< 6.20dlj-0ubuntu1.8.04UNKNOWN
ubuntu9.04noarchsun-java6< 6.20dlj-0ubuntu1.9.04UNKNOWN
ubuntu9.10noarchsun-java6< 6.20dlj-0ubuntu1.9.10UNKNOWN
ubuntu10.04noarchsun-java6< 6.20dlj-1ubuntu3UNKNOWN

Related

veracode 1
cve 1
checkpoint_advisories 1
prion 1
nessus 33
openvas 26
redhat 6
suse 3
oracle 1
securityvulns 1
vmware 6
gentoo 1
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:37:27
cve
cve
CVE-2009-1099
2009-03-25 23:30:00
checkpoint_advisories
checkpoint_advisories
Sun Java Runtime Environment Type1 Font Parsing Integer Overflow (CVE-2009-1099)
2010-02-25 00:00:00
prion
prion
Integer overflow
2009-03-25 23:30:00
nessus
nessus
Solaris 10 (x86) : 118669-61
2018-03-12 00:00:00
Solaris 10 (x86) : 118669-19
2018-03-12 00:00:00
openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-698)
2009-07-21 00:00:00
openvas
openvas
SLES9: Security update for IBM Java 5 JRE and IBM Java 5 SDK
2009-10-10 00:00:00
SLES9: Security update for IBM Java 5 JRE and IBM Java 5 SDK
2009-10-10 00:00:00
SLES10: Security update for IBM Java 5
2009-10-13 00:00:00
redhat
redhat
(RHSA-2009:0394) Critical: java-1.5.0-sun security update
2009-03-26 00:00:00
(RHSA-2009:1038) Critical: java-1.5.0-ibm security update
2009-05-18 00:00:00
(RHSA-2009:1198) Critical: java-1.6.0-ibm security update
2009-08-06 00:00:00
suse
suse
remote code execution in IBM JDK 5
2009-05-25 13:39:41
remote code execution in java-1_6_0-ibm
2009-07-02 21:55:23
remote code execution in Sun Java 5 and 6
2009-04-03 13:04:22
oracle
oracle
09-07 CPU Advisory
2009-07-14 00:00:00
securityvulns
securityvulns
Oracle Critical Patch Update Advisory - July 2009
2009-07-16 00:00:00
vmware
vmware
VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues
2009-10-16 00:00:00
VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues
2009-10-16 00:00:00
VMware vCenter update release addresses multiple security issues in Java JRE
2010-01-29 00:00:00
gentoo
gentoo
Sun JDK/JRE: Multiple vulnerabilities
2009-11-17 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.668 Medium

EPSS

Percentile

97.9%

JSON
Related for UB:CVE-2009-1099
veracode1cve1checkpoint_advisories1prion1nessus33openvas26redhat6suse3oracle1securityvulns1vmware6gentoo1