← back
CVE-2009-3868

CVE-2009-3868

EPSS 4.3%
Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://java.sun.com/javase/6/webnotes/6u17.htmlhttp://lists.apple.com/archives/security-announce/2009/Dec/msg00000.htmlhttp://lists.apple.com/archives/security-announce/2009/Dec/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.htmlhttp://marc.info/?l=bugtraq&m=126566824131534&w=2http://marc.info/?l=bugtraq&m=131593453929393&w=2http://marc.info/?l=bugtraq&m=134254866602253&w=2http://secunia.com/advisories/37231http://secunia.com/advisories/37239http://secunia.com/advisories/37386http://secunia.com/advisories/37581http://secunia.com/advisories/37841