CVE-2010-3571
Publication date 19 October 2010
Last updated 24 July 2024
Ubuntu priority
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the color profile parser that allows remote attackers to execute arbitrary code via a crafted Tag structure in a color profile.
From the Ubuntu Security Team
It was discovered that there was an unspecified vulnerability in the 2D component.
Status
Package | Ubuntu Release | Status |
---|---|---|
sun-java6 | 10.10 maverick |
Fixed 6.22-0ubuntu1~10.10
|
10.04 LTS lucid |
Fixed 6.22-0ubuntu1~10.04
|
|
9.10 karmic |
Fixed 6.22-0ubuntu1~9.10.1
|
|
9.04 jaunty |
Fixed 6.22-0ubuntu1~9.04.1
|
|
8.04 LTS hardy |
Fixed 6.22-0ubuntu1~8.04.1
|
|
6.06 LTS dapper | Not in release |