PT-2006-7332 · Oracle+1 · Jre+2

Chris Evans · Published 2006-12-26 · Updated 2019-10-09 · CVE-2006-6731

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions:
Java Development Kit (JDK) and Java Runtime Environment (JRE) versions prior to 5.0 Update 8
Java System Development Kit (SDK) and JRE 1.4.x versions prior to 1.4.2_13
Java System Development Kit (SDK) and JRE 1.3.1 versions prior to 1.3.1_19

Description: The issue allows attackers to develop Java applets that can read, write, or execute local files. This is possibly related to integer overflows in the Java_sun_awt_image_ImagingLib_convolveBI, awt_parseRaster, and awt_parseColorModel functions, a stack overflow in the Java_sun_awt_image_ImagingLib_lookupByteRaster function, and improper handling of certain negative values in the Java_sun_font_SunLayoutEngine_nativeLayout function.

Recommendations:
For Java Development Kit (JDK) and Java Runtime Environment (JRE) versions prior to 5.0 Update 8, update to version 5.0 Update 8 or later.
For Java System Development Kit (SDK) and JRE 1.4.x versions prior to 1.4.2_13, update to version 1.4.2_13 or later.
For Java System Development Kit (SDK) and JRE 1.3.1 versions prior to 1.3.1_19, update to version 1.3.1_19 or later.
As a temporary workaround, consider disabling the use of Java applets that utilize the Java_sun_awt_image_ImagingLib_convolveBI, awt_parseRaster, awt_parseColorModel, Java_sun_awt_image_ImagingLib_lookupByteRaster, and Java_sun_font_SunLayoutEngine_nativeLayout functions until a patch is available.

Fix

Related Identifiers

CVE-2006-6731
HPSBUX02196
RHSA-2007:0062
RHSA-2007:0072
RHSA-2007:0073

Affected Products

Hp-Ux
Jdk
Jre