CVE-2010-0841

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 6 Update 18, 5.0 Update 23, and 1.4.2 25 Java for Business versions 6 Update 18, 5.0 Update 23, and 1.4.2 25

Description The issue affects the confidentiality, integrity, and availability of the system through unknown vectors. It is related to the ImageIO component and may involve an integer overflow in the Java Runtime Environment, potentially allowing remote attackers to execute arbitrary code via a JPEG image with large subsample dimensions, related to JPEGImageReader and stepX.

Recommendations For Oracle Java SE versions 6 Update 18, 5.0 Update 23, and 1.4.2 25, consider disabling the JPEGImageReader function until a patch is available. For Java for Business versions 6 Update 18, 5.0 Update 23, and 1.4.2 25, restrict access to JPEG images with large subsample dimensions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.