PT-2010-2572 · Oracle+1 · Java Se+3
Regenrecht
Published: 2010-04-01 · Updated: 2018-10-30
CVE-2010-0849
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Oracle Java SE and Java for Business versions 6 Update 18, 5.0 Update 23, 1.4.2 25, and 1.3.1 27
Description
The issue allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. It is claimed by a reliable researcher to be a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via a crafted JPEG image.
Recommendations
For Oracle Java SE and Java for Business version 6 Update 18, update to a newer version to mitigate the risk.
For Oracle Java SE and Java for Business version 5.0 Update 23, update to a newer version to mitigate the risk.
For Oracle Java SE and Java for Business version 1.4.2 25, update to a newer version to mitigate the risk.
For Oracle Java SE and Java for Business version 1.3.1 27, update to a newer version to mitigate the risk.
As a temporary workaround, consider disabling the use of the JPEGImageDecoderImpl interface until a patch is available.
Exploit
Fix
Related identifiers
Affected products
Hp-Ux
Java Platform
Java Se
Java For Business