CVE-2010-0846

Published: Apr 1, 2010Modified: Apr 29, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows remote attackers to execute arbitrary code, related to an "invalid assignment" and inconsistent length values in a JPEG image encoder (JPEGImageEncoderImpl).

Affected (238)

Products: Sun: Jre, Jdk, Sdk

3 products

Configuration A

17 vulnerable

Vulnerable Software	Affected Versions
Sun Jre	Up to 1.6.0
Sun Jre	Version 1.6.0
Sun Jre	Version 1.6.0 update_10
Sun Jre	Version 1.6.0 update_11
Sun Jre	Version 1.6.0 update_12
Sun Jre	Version 1.6.0 update_13
Sun Jre	Version 1.6.0 update_14
Sun Jre	Version 1.6.0 update_15
Sun Jre	Version 1.6.0 update_16
Sun Jre	Version 1.6.0 update_17
Sun Jre	Version 1.6.0 update_1
Sun Jre	Version 1.6.0 update_2
Sun Jre	Version 1.6.0 update_3
Sun Jre	Version 1.6.0 update_4
Sun Jre	Version 1.6.0 update_5
Sun Jre	Version 1.6.0 update_6
Sun Jre	Version 1.6.0 update_7

Configuration B

18 vulnerable

Vulnerable Software	Affected Versions
Sun Jdk	Up to 1.6.0
Sun Jdk	Version 1.6.0
Sun Jdk	Version 1.6.0 update1
Sun Jdk	Version 1.6.0 update1_b06
Sun Jdk	Version 1.6.0 update2
Sun Jdk	Version 1.6.0 update_10
Sun Jdk	Version 1.6.0 update_11
Sun Jdk	Version 1.6.0 update_12
Sun Jdk	Version 1.6.0 update_13
Sun Jdk	Version 1.6.0 update_14
Sun Jdk	Version 1.6.0 update_15
Sun Jdk	Version 1.6.0 update_16
Sun Jdk	Version 1.6.0 update_17
Sun Jdk	Version 1.6.0 update_3
Sun Jdk	Version 1.6.0 update_4
Sun Jdk	Version 1.6.0 update_5
Sun Jdk	Version 1.6.0 update_6
Sun Jdk	Version 1.6.0 update_7

Configuration C

23 vulnerable

Vulnerable Software	Affected Versions
Sun Jdk	Up to 1.5.0
Sun Jdk	Version 1.5.0
Sun Jdk	Version 1.5.0 update10
Sun Jdk	Version 1.5.0 update11
Sun Jdk	Version 1.5.0 update12
Sun Jdk	Version 1.5.0 update13
Sun Jdk	Version 1.5.0 update14
Sun Jdk	Version 1.5.0 update15
Sun Jdk	Version 1.5.0 update16
Sun Jdk	Version 1.5.0 update17
Sun Jdk	Version 1.5.0 update18
Sun Jdk	Version 1.5.0 update19
Sun Jdk	Version 1.5.0 update1
Sun Jdk	Version 1.5.0 update20
Sun Jdk	Version 1.5.0 update21
Sun Jdk	Version 1.5.0 update2
Sun Jdk	Version 1.5.0 update3
Sun Jdk	Version 1.5.0 update4
Sun Jdk	Version 1.5.0 update5
Sun Jdk	Version 1.5.0 update6
Sun Jdk	Version 1.5.0 update7
Sun Jdk	Version 1.5.0 update8
Sun Jdk	Version 1.5.0 update9

Configuration D

26 vulnerable

Vulnerable Software	Affected Versions
Sun Sdk	Up to 1.4.2_25
Sun Sdk	Version 1.4.2
Sun Sdk	Version 1.4.2_02
Sun Sdk	Version 1.4.2_10
Sun Sdk	Version 1.4.2_11
Sun Sdk	Version 1.4.2_12
Sun Sdk	Version 1.4.2_13
Sun Sdk	Version 1.4.2_14
Sun Sdk	Version 1.4.2_15
Sun Sdk	Version 1.4.2_16
Sun Sdk	Version 1.4.2_17
Sun Sdk	Version 1.4.2_18
Sun Sdk	Version 1.4.2_19
Sun Sdk	Version 1.4.2_1
Sun Sdk	Version 1.4.2_20
Sun Sdk	Version 1.4.2_21
Sun Sdk	Version 1.4.2_22
Sun Sdk	Version 1.4.2_23
Sun Sdk	Version 1.4.2_24
Sun Sdk	Version 1.4.2_3
Sun Sdk	Version 1.4.2_4
Sun Sdk	Version 1.4.2_5
Sun Sdk	Version 1.4.2_6
Sun Sdk	Version 1.4.2_7
Sun Sdk	Version 1.4.2_8
Sun Sdk	Version 1.4.2_9

Configuration E

23 vulnerable

Vulnerable Software	Affected Versions
Sun Jre	Up to 1.5.0
Sun Jre	Version 1.5.0
Sun Jre	Version 1.5.0 update10
Sun Jre	Version 1.5.0 update11
Sun Jre	Version 1.5.0 update12
Sun Jre	Version 1.5.0 update13
Sun Jre	Version 1.5.0 update14
Sun Jre	Version 1.5.0 update15
Sun Jre	Version 1.5.0 update16
Sun Jre	Version 1.5.0 update17
Sun Jre	Version 1.5.0 update18
Sun Jre	Version 1.5.0 update19
Sun Jre	Version 1.5.0 update1
Sun Jre	Version 1.5.0 update20
Sun Jre	Version 1.5.0 update21
Sun Jre	Version 1.5.0 update2
Sun Jre	Version 1.5.0 update3
Sun Jre	Version 1.5.0 update4
Sun Jre	Version 1.5.0 update5
Sun Jre	Version 1.5.0 update6
Sun Jre	Version 1.5.0 update7
Sun Jre	Version 1.5.0 update8
Sun Jre	Version 1.5.0 update9

Configuration F

26 vulnerable

Vulnerable Software	Affected Versions
Sun Jre	Up to 1.4.2_25
Sun Jre	Version 1.4.2
Sun Jre	Version 1.4.2_10
Sun Jre	Version 1.4.2_11
Sun Jre	Version 1.4.2_12
Sun Jre	Version 1.4.2_13
Sun Jre	Version 1.4.2_14
Sun Jre	Version 1.4.2_15
Sun Jre	Version 1.4.2_16
Sun Jre	Version 1.4.2_17
Sun Jre	Version 1.4.2_18
Sun Jre	Version 1.4.2_19
Sun Jre	Version 1.4.2_1
Sun Jre	Version 1.4.2_20
Sun Jre	Version 1.4.2_21
Sun Jre	Version 1.4.2_22
Sun Jre	Version 1.4.2_23
Sun Jre	Version 1.4.2_24
Sun Jre	Version 1.4.2_2
Sun Jre	Version 1.4.2_3
Sun Jre	Version 1.4.2_4
Sun Jre	Version 1.4.2_5
Sun Jre	Version 1.4.2_6
Sun Jre	Version 1.4.2_7
Sun Jre	Version 1.4.2_8
Sun Jre	Version 1.4.2_9

Configuration G

35 vulnerable

Vulnerable Software	Affected Versions
Sun Jdk	Up to 1.3.1_27
Sun Jdk	Version 1.3.0
Sun Jdk	Version 1.3.0_01
Sun Jdk	Version 1.3.0_02
Sun Jdk	Version 1.3.0_03
Sun Jdk	Version 1.3.0_04
Sun Jdk	Version 1.3.0_05
Sun Jdk	Version 1.3.1
Sun Jdk	Version 1.3.1_01
Sun Jdk	Version 1.3.1_01a
Sun Jdk	Version 1.3.1_02
Sun Jdk	Version 1.3.1_03
Sun Jdk	Version 1.3.1_04
Sun Jdk	Version 1.3.1_05
Sun Jdk	Version 1.3.1_06
Sun Jdk	Version 1.3.1_07
Sun Jdk	Version 1.3.1_08
Sun Jdk	Version 1.3.1_09
Sun Jdk	Version 1.3.1_10
Sun Jdk	Version 1.3.1_11
Sun Jdk	Version 1.3.1_12
Sun Jdk	Version 1.3.1_13
Sun Jdk	Version 1.3.1_14
Sun Jdk	Version 1.3.1_15
Sun Jdk	Version 1.3.1_16
Sun Jdk	Version 1.3.1_17
Sun Jdk	Version 1.3.1_18
Sun Jdk	Version 1.3.1_19
Sun Jdk	Version 1.3.1_20
Sun Jdk	Version 1.3.1_21
Sun Jdk	Version 1.3.1_22
Sun Jdk	Version 1.3.1_23
Sun Jdk	Version 1.3.1_24
Sun Jdk	Version 1.3.1_25
Sun Jdk	Version 1.3.1_26

Configuration H

35 vulnerable

Vulnerable Software	Affected Versions
Sun Jre	Up to 1.3.1_27
Sun Jre	Version 1.3.0
Sun Jre	Version 1.3.0 update1
Sun Jre	Version 1.3.0 update2
Sun Jre	Version 1.3.0 update3
Sun Jre	Version 1.3.0 update4
Sun Jre	Version 1.3.0 update5
Sun Jre	Version 1.3.1
Sun Jre	Version 1.3.1 update1
Sun Jre	Version 1.3.1 update2
Sun Jre	Version 1.3.1_03
Sun Jre	Version 1.3.1_04
Sun Jre	Version 1.3.1_05
Sun Jre	Version 1.3.1_06
Sun Jre	Version 1.3.1_07
Sun Jre	Version 1.3.1_08
Sun Jre	Version 1.3.1_09
Sun Jre	Version 1.3.1_10
Sun Jre	Version 1.3.1_11
Sun Jre	Version 1.3.1_12
Sun Jre	Version 1.3.1_13
Sun Jre	Version 1.3.1_14
Sun Jre	Version 1.3.1_15
Sun Jre	Version 1.3.1_16
Sun Jre	Version 1.3.1_17
Sun Jre	Version 1.3.1_18
Sun Jre	Version 1.3.1_19
Sun Jre	Version 1.3.1_20
Sun Jre	Version 1.3.1_21
Sun Jre	Version 1.3.1_22
Sun Jre	Version 1.3.1_23
Sun Jre	Version 1.3.1_24
Sun Jre	Version 1.3.1_25
Sun Jre	Version 1.3.1_26
Sun Jre	Version 1.3.1_2

Configuration I

35 vulnerable

Vulnerable Software	Affected Versions
Sun Sdk	Up to 1.3.1_27
Sun Sdk	Version 1.3.0
Sun Sdk	Version 1.3.0_01
Sun Sdk	Version 1.3.0_02
Sun Sdk	Version 1.3.0_03
Sun Sdk	Version 1.3.0_04
Sun Sdk	Version 1.3.0_05
Sun Sdk	Version 1.3.1
Sun Sdk	Version 1.3.1_01
Sun Sdk	Version 1.3.1_01a
Sun Sdk	Version 1.3.1_02
Sun Sdk	Version 1.3.1_03
Sun Sdk	Version 1.3.1_04
Sun Sdk	Version 1.3.1_05
Sun Sdk	Version 1.3.1_06
Sun Sdk	Version 1.3.1_07
Sun Sdk	Version 1.3.1_08
Sun Sdk	Version 1.3.1_09
Sun Sdk	Version 1.3.1_10
Sun Sdk	Version 1.3.1_11
Sun Sdk	Version 1.3.1_12
Sun Sdk	Version 1.3.1_13
Sun Sdk	Version 1.3.1_14
Sun Sdk	Version 1.3.1_15
Sun Sdk	Version 1.3.1_16
Sun Sdk	Version 1.3.1_17
Sun Sdk	Version 1.3.1_18
Sun Sdk	Version 1.3.1_19
Sun Sdk	Version 1.3.1_20
Sun Sdk	Version 1.3.1_21
Sun Sdk	Version 1.3.1_22
Sun Sdk	Version 1.3.1_23
Sun Sdk	Version 1.3.1_24
Sun Sdk	Version 1.3.1_25
Sun Sdk	Version 1.3.1_26

References (66)

http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751

Source: secalert_us@oracle.com

http://lists.apple.com/archives/security-announce/2010//May/msg00001.html

Source: secalert_us@oracle.com

http://lists.apple.com/archives/security-announce/2010//May/msg00002.html

Source: secalert_us@oracle.com

http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html

Source: secalert_us@oracle.com

http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html

Source: secalert_us@oracle.com

http://marc.info/?l=bugtraq&m=127557596201693&w=2

Source: secalert_us@oracle.com

http://marc.info/?l=bugtraq&m=134254866602253&w=2

Source: secalert_us@oracle.com

http://secunia.com/advisories/39317

Source: secalert_us@oracle.com

Vendor Advisory

http://secunia.com/advisories/39659

Source: secalert_us@oracle.com

Vendor Advisory

http://secunia.com/advisories/39819

Source: secalert_us@oracle.com

Vendor Advisory

http://secunia.com/advisories/40211

Source: secalert_us@oracle.com

Vendor Advisory

http://secunia.com/advisories/40545

Source: secalert_us@oracle.com

Vendor Advisory

http://secunia.com/advisories/43308

Source: secalert_us@oracle.com

Vendor Advisory

http://support.apple.com/kb/HT4170

Source: secalert_us@oracle.com

http://support.apple.com/kb/HT4171

Source: secalert_us@oracle.com

http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html

Source: secalert_us@oracle.com

http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html

Source: secalert_us@oracle.com

http://www.redhat.com/support/errata/RHSA-2010-0337.html

Source: secalert_us@oracle.com

http://www.redhat.com/support/errata/RHSA-2010-0338.html

Source: secalert_us@oracle.com

http://www.redhat.com/support/errata/RHSA-2010-0383.html

Source: secalert_us@oracle.com

http://www.redhat.com/support/errata/RHSA-2010-0471.html

Source: secalert_us@oracle.com

http://www.redhat.com/support/errata/RHSA-2010-0489.html

Source: secalert_us@oracle.com

http://www.securityfocus.com/archive/1/510541/100/0/threaded

Source: secalert_us@oracle.com

http://www.securityfocus.com/archive/1/516397/100/0/threaded

Source: secalert_us@oracle.com

http://www.securityfocus.com/bid/39062

Source: secalert_us@oracle.com

http://www.vmware.com/security/advisories/VMSA-2011-0003.html

Source: secalert_us@oracle.com

http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

Source: secalert_us@oracle.com

http://www.vupen.com/english/advisories/2010/1191

Source: secalert_us@oracle.com

Vendor Advisory

http://www.vupen.com/english/advisories/2010/1454

Source: secalert_us@oracle.com

Vendor Advisory

http://www.vupen.com/english/advisories/2010/1523

Source: secalert_us@oracle.com

Vendor Advisory

http://www.vupen.com/english/advisories/2010/1793

Source: secalert_us@oracle.com

Vendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-10-059

Source: secalert_us@oracle.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14503

Source: secalert_us@oracle.com

http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751