Description
Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358.
Published: 2009-11-05
Score: 9.3 Critical
EPSS: 12.5% Moderate
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2009-3842 Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358.
Ubuntu USN Ubuntu USN USN-859-1 OpenJDK vulnerabilities
References
Link Providers
http://java.sun.com/javase/6/webnotes/6u17.html cve-icon cve-icon
http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html cve-icon cve-icon
http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html cve-icon cve-icon
http://marc.info/?l=bugtraq&m=126566824131534&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=131593453929393&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=134254866602253&w=2 cve-icon cve-icon
http://secunia.com/advisories/37231 cve-icon cve-icon
http://secunia.com/advisories/37239 cve-icon cve-icon
http://secunia.com/advisories/37386 cve-icon cve-icon
http://secunia.com/advisories/37581 cve-icon cve-icon
http://secunia.com/advisories/37841 cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-200911-02.xml cve-icon cve-icon
http://securitytracker.com/id?1023132 cve-icon cve-icon
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1 cve-icon cve-icon
http://support.apple.com/kb/HT3969 cve-icon cve-icon
http://support.apple.com/kb/HT3970 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084 cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2009-1694.html cve-icon cve-icon
http://www.securityfocus.com/bid/36881 cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/3131 cve-icon cve-icon
http://zerodayinitiative.com/advisories/ZDI-09-079/ cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2009-3871 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12134 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6698 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8275 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9360 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2009-3871 cve-icon
History

No history.

Subscriptions

Microsoft Windows
Redhat Enterprise Linux Network Satellite Rhel Extras Rhel Extras Sap
Sun Java Se Jdk Jre Sdk Solaris
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-07T06:45:50.140Z

Reserved: 2009-11-05T00:00:00.000Z

Link: CVE-2009-3871

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2009-11-05T16:30:00.407

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-3871

cve-icon Redhat

Severity : Important

Publid Date: 2009-11-03T00:00:00Z

Links: CVE-2009-3871 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses