CVE-2010-3565

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 6 Update 21, 5.0 Update 25, and 1.4.2 27 Java for Business versions 6 Update 21, 5.0 Update 25, and 1.4.2 27

Description The issue allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. It is reportedly related to an integer overflow that triggers memory corruption via large values in a subsample of a JPEG image, specifically in the JPEGImageWriter.writeImage function within the imageio API.

Recommendations For Oracle Java SE versions 6 Update 21, 5.0 Update 25, and 1.4.2 27, consider disabling the JPEGImageWriter.writeImage function until a patch is available. For Java for Business versions 6 Update 21, 5.0 Update 25, and 1.4.2 27, restrict access to the imageio API to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.