PT-2010-4927 · Oracle +2 · Java SE +4

Published: 2010-10-12 · Updated: 2018-10-10 · CVE-2010-3566

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Oracle Java SE versions 5.0 Update 25 and 6 Update 21
Oracle Java for Business versions 5.0 Update 25 and 6 Update 21

Description

The issue affects the confidentiality, integrity, and availability of the system. It is reportedly related to a crafted devs (device information) tag structure in a color profile, potentially leading to an integer overflow and buffer overflow. The estimated number of potentially affected devices worldwide is not specified.

Recommendations

For Oracle Java SE versions 5.0 Update 25 and 6 Update 21, update to a version that contains the fix for this issue. For Oracle Java for Business versions 5.0 Update 25 and 6 Update 21, update to a version that contains the fix for this issue. As a temporary workaround, consider restricting the use of crafted color profiles until a patch is available.

Exploit

Fix


Related Identifiers

CVE-2010-3566
HPSBUX02608
RHSA-2010:0770
RHSA-2010:0807
RHSA-2010:0873
RHSA-2010:0987
RHSA-2010_0873
RHSA-2010_0987
RHSA-2011:0880
ZDI-10-204

Affected Products

HP-UX
Java Platform
Java SE
Java for Business
Red Hat