Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the Java Runtime Environment that allows remote attackers to execute arbitrary code via a JPEG image that contains subsample dimensions with large values, related to JPEGImageReader and "stepX".

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.10009.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Redhat Subscribe
Network Satellite Subscribe
Rhel Extras Subscribe
Rhel Extras Sap Subscribe
Sun Subscribe
Jdk Subscribe
Jre Subscribe
Sdk Subscribe

Configuration 1 [-]

OR cpe:2.3:a:sun:jre:*:update_18:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:sun:jdk:*:update_18:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:sun:jdk:*:update23:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:a:sun:sdk:*:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_19:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_20:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_21:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_22:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_23:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_24:*:*:*:*:*:*:*

Configuration 5 [-]

OR cpe:2.3:a:sun:jre:*:update23:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*

Configuration 6 [-]

OR cpe:2.3:a:sun:jre:*:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_19:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_20:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_21:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_22:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_23:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_24:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Extras for RHEL 3
java-1.4.2-ibm-0:1.4.2.13.5-1jpp.1.el3 cpe:/a:redhat:rhel_extras:3 RHSA-2010:0574 2010-07-29T00:00:00Z
Extras for RHEL 4
java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4 cpe:/a:redhat:rhel_extras:4 RHSA-2010:0337 2010-04-01T00:00:00Z
java-1.5.0-sun-0:1.5.0.22-1jpp.3.el4 cpe:/a:redhat:rhel_extras:4 RHSA-2010:0338 2010-04-01T00:00:00Z
java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4 cpe:/a:redhat:rhel_extras:4 RHSA-2010:0383 2010-04-29T00:00:00Z
java-1.5.0-ibm-1:1.5.0.11.2-1jpp.1.el4 cpe:/a:redhat:rhel_extras:4 RHSA-2010:0489 2010-06-17T00:00:00Z
java-1.4.2-ibm-0:1.4.2.13.5-1jpp.1.el4 cpe:/a:redhat:rhel_extras:4 RHSA-2010:0574 2010-07-29T00:00:00Z
Extras for RHEL 4.7.z
java-1.5.0-sun-0:1.5.0.22-1jpp.3.el4 cpe:/a:redhat:rhel_extras:4.7.z RHSA-2010:0338 2010-04-01T00:00:00Z
Red Hat Network Satellite Server v 5.3
java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5 cpe:/a:redhat:network_satellite:5.3::el4 RHSA-2010:0471 2010-06-14T00:00:00Z
RHEL 4 for SAP
java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8 cpe:/a:redhat:rhel_extras_sap:4 RHSA-2010:0586 2010-08-02T00:00:00Z
RHEL 5 for SAP
java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5 cpe:/a:redhat:rhel_extras_sap:5 RHSA-2010:0586 2010-08-02T00:00:00Z
Supplementary for Red Hat Enterprise Linux 5
java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5 cpe:/a:redhat:rhel_extras:5 RHSA-2010:0337 2010-04-01T00:00:00Z
java-1.5.0-sun-0:1.5.0.22-1jpp.3.el5 cpe:/a:redhat:rhel_extras:5 RHSA-2010:0338 2010-04-01T00:00:00Z
java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5 cpe:/a:redhat:rhel_extras:5 RHSA-2010:0383 2010-04-29T00:00:00Z
java-1.5.0-ibm-1:1.5.0.11.2-1jpp.1.el5 cpe:/a:redhat:rhel_extras:5 RHSA-2010:0489 2010-06-17T00:00:00Z
java-1.4.2-ibm-0:1.4.2.13.5-1jpp.1.el5 cpe:/a:redhat:rhel_extras:5 RHSA-2010:0574 2010-07-29T00:00:00Z
Supplementary for RHEL 5.2.z
java-1.5.0-sun-0:1.5.0.22-1jpp.3.el5 cpe:/a:redhat:rhel_extras:5 RHSA-2010:0338 2010-04-01T00:00:00Z
Supplementary for RHEL 5.3.z
java-1.5.0-sun-0:1.5.0.22-1jpp.3.el5 cpe:/a:redhat:rhel_extras:5 RHSA-2010:0338 2010-04-01T00:00:00Z

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 cve-icon cve-icon
http://lists.apple.com/archives/security-announce/2010//May/msg00001.html cve-icon cve-icon
http://lists.apple.com/archives/security-announce/2010//May/msg00002.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html cve-icon cve-icon
http://marc.info/?l=bugtraq&m=127557596201693&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=134254866602253&w=2 cve-icon cve-icon
http://secunia.com/advisories/39317 cve-icon cve-icon
http://secunia.com/advisories/39659 cve-icon cve-icon
http://secunia.com/advisories/39819 cve-icon cve-icon
http://secunia.com/advisories/40211 cve-icon cve-icon
http://secunia.com/advisories/40545 cve-icon cve-icon
http://secunia.com/advisories/43308 cve-icon cve-icon
http://support.apple.com/kb/HT4170 cve-icon cve-icon
http://support.apple.com/kb/HT4171 cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2010-0337.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2010-0338.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2010-0383.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2010-0471.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2010-0489.html cve-icon cve-icon
http://www.securityfocus.com/archive/1/510531/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/archive/1/516397/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/bid/39067 cve-icon cve-icon
http://www.vmware.com/security/advisories/VMSA-2011-0003.html cve-icon cve-icon
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/1191 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/1454 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/1523 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/1793 cve-icon cve-icon
http://www.zerodayinitiative.com/advisories/ZDI-10-054/ cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2010-0841 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14144 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2010-0841 cve-icon
History

No history.

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2024-08-07T00:59:39.414Z

Reserved: 2010-03-03T00:00:00

Link: CVE-2010-0841

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2010-04-01T16:30:00.920

Modified: 2025-04-11T00:51:21.963

Link: CVE-2010-0841

cve-icon Redhat

Severity : Important

Publid Date: 2010-03-30T00:00:00Z

Links: CVE-2010-0841 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses