CVE-2009-1097

Publication date 25 March 2009

Last updated 24 July 2024

Ubuntu priority

Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen, aka CR 6804996; and (2) a crafted GIF image from which unspecified values are used in calculation of offsets, leading to object-pointer corruption, aka CR 6804997.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
openjdk-6	10.10 maverick	Not affected
	10.04 LTS lucid	Not affected
	9.10 karmic	Not affected
	9.04 jaunty	Not affected
	8.10 intrepid	Fixed 6b12-0ubuntu6.4
	8.04 LTS hardy	Fixed 6b18-1.8.2-4ubuntu1~8.04.1
	7.10 gutsy	Not in release
	6.06 LTS dapper	Not in release
sun-java5	10.10 maverick	Not in release
	10.04 LTS lucid	Not in release
	9.10 karmic	Not in release
	9.04 jaunty	Not affected
	8.10 intrepid	Ignored end of life, was needs-triage
	8.04 LTS hardy	Not affected
	7.10 gutsy	Ignored end of life, was needs-triage
	6.06 LTS dapper	Ignored end of life
sun-java6	10.10 maverick	Not affected
	10.04 LTS lucid	Fixed 6.20dlj-1ubuntu3
	9.10 karmic	Fixed 6.20dlj-0ubuntu1.9.10
	9.04 jaunty	Fixed 6.20dlj-0ubuntu1.9.04
	8.10 intrepid	Ignored end of life, was needs-triage
	8.04 LTS hardy	Fixed 6.20dlj-0ubuntu1.8.04
	7.10 gutsy	Ignored end of life, was needs-triage
	6.06 LTS dapper	Not in release

CVE-2009-1097

Status

References

Related Ubuntu Security Notices (USN)

Other references