Apple Java security update for CVE-2009-1097
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
9 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | March 25, 2009 | January 26, 2012 | February 13, 2015 |
Description
Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen, aka CR 6804996; and (2) a crafted GIF image from which unspecified values are used in calculation of offsets, leading to object-pointer corruption, aka CR 6804997.
References
- BID-34240
- CVE-2009-1097
- DEBIAN-DSA-1769
- OVAL-OVAL11241
- OVAL-OVAL6288
- REDHAT-RHSA-2009:0377
- REDHAT-RHSA-2009:0392
- REDHAT-RHSA-2009:1038
- REDHAT-RHSA-2009:1198
- SUSE-SUSE-SA:2009:016
- SUSE-SUSE-SA:2009:029
- SUSE-SUSE-SA:2009:036
- URL: http://support.apple.com/kb/HT3632
- URL: http://support.apple.com/kb/HT3633
- XF-49475
Solution Reference
Java Security Update
Solution
apple-java-upgrade-1_4_2_21
Related Vulnerabilities
- JRE Temporary Font Files Denial of Service
- SUSE Linux Security Advisory: SUSE-SA:2009:016
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1107)
- SUSE Linux Security Vulnerability: CVE-2009-1105
- VMSA-2009-0014: JRE Security Update (CVE-2009-1101)
- VMSA-2009-0016.5: JRE Security Update (CVE-2009-1094)
- Apple Java security update for CVE-2009-1094
- SUSE Linux Security Vulnerability: CVE-2009-1104
- Java CPU July 2009 unspecified vulnerability
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1105)
- SUSE Linux Security Vulnerability: CVE-2009-1093
- RHSA-2009:0394: java-1.5.0-sun security update
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1093)
- VMSA-2009-0014: JRE Security Update (CVE-2009-1099)
- Gentoo Linux: CVE-2009-1100: Sun JDK/JRE: Multiple vulnerabilities
- VMSA-2009-0016.5: JRE Security Update (CVE-2009-1102)
- Gentoo Linux: CVE-2009-1107: Sun JDK/JRE: Multiple vulnerabilities
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1104)
- SUSE Linux Security Vulnerability: CVE-2009-1095
- VMSA-2009-0014: JRE Security Update (CVE-2009-1105)
- RHSA-2009:0377: java-1.6.0-openjdk security update
- Apple Java security update for CVE-2009-1103
- Apple Java security update for CVE-2009-1096
- RHSA-2009:0392: java-1.6.0-sun security update
- Gentoo Linux: CVE-2009-1105: Sun JDK/JRE: Multiple vulnerabilities
- SUSE Linux Security Vulnerability: CVE-2009-1107
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1098)
- Apple Java security update for CVE-2009-1095
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1097)
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1101)
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1106)
- VMSA-2009-0016.5: JRE Security Update (CVE-2009-1093)
- Apple Java security update for CVE-2009-1100
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1099)
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1097)
- VMSA-2009-0014: JRE Security Update (CVE-2009-1106)
- JRE Code Generation
- Gentoo Linux: CVE-2009-1103: Sun JDK/JRE: Multiple vulnerabilities
- Apple Java security update for CVE-2009-1098
- SUSE Linux Security Vulnerability: CVE-2009-1102
- VMSA-2009-0014: JRE Security Update (CVE-2009-1093)
- JRE Unpack200 Memory Corruption Vulnerabilities
- JRE Multiple Java Plug-in Vulnerabilities
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1100)
- VMSA-2009-0016.5: JRE Security Update (CVE-2009-1100)
- VMSA-2009-0016.5: JRE Security Update (CVE-2009-1106)
- VMSA-2009-0014: JRE Security Update (CVE-2009-1097)
- SUSE Linux Security Vulnerability: CVE-2009-1099
- Apple Java security update for CVE-2009-1107
- SUSE Linux Security Vulnerability: CVE-2009-1094
- Gentoo Linux: CVE-2009-1101: Sun JDK/JRE: Multiple vulnerabilities
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1102)
- Gentoo Linux: CVE-2009-1095: Sun JDK/JRE: Multiple vulnerabilities
- JRE Image and Font Processing Vulnerabilities
- Gentoo Linux: CVE-2009-1102: Sun JDK/JRE: Multiple vulnerabilities
- Cent OS: CVE-2009-1098: CESA-2009:0377 (java-1.6.0-openjdk)
- SUSE Linux Security Vulnerability: CVE-2009-1096
- SUSE Linux Security Vulnerability: CVE-2009-1106
- Gentoo Linux: CVE-2009-1094: Sun JDK/JRE: Multiple vulnerabilities
- JRE LDAP Remote Code Execution
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1094)
- VMSA-2009-0014: JRE Security Update (CVE-2009-1095)
- VMSA-2009-0016.5: JRE Security Update (CVE-2009-1101)
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1105)
- VMSA-2009-0014: JRE Security Update (CVE-2009-1096)
- VMSA-2009-0016.5: JRE Security Update (CVE-2009-1105)
- VMSA-2009-0016.5: JRE Security Update (CVE-2009-1107)
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1099)
- Apple Java security update for CVE-2009-1101
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1095)
- Gentoo Linux: CVE-2009-1104: Sun JDK/JRE: Multiple vulnerabilities
- Cent OS: CVE-2009-1094: CESA-2009:0377 (java-1.6.0-openjdk)
- JRE HTTP Server File Descriptor Leak
- Cent OS: CVE-2009-1096: CESA-2009:0377 (java-1.6.0-openjdk)
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1100)
- Apple Java security update for CVE-2009-1106
- RHSA-2009:1038: java-1.5.0-ibm security update
- RHSA-2010:0043: Red Hat Network Satellite Server IBM Java Runtime security update
- Gentoo Linux: CVE-2009-1099: Sun JDK/JRE: Multiple vulnerabilities
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1106)
- VMSA-2009-0016.5: JRE Security Update (CVE-2009-1096)
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1107)
- Gentoo Linux: CVE-2009-1096: Sun JDK/JRE: Multiple vulnerabilities
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1104)
- Cent OS: CVE-2009-1095: CESA-2009:0377 (java-1.6.0-openjdk)
- USN-748-1: OpenJDK vulnerabilities
- VMSA-2009-0014: JRE Security Update (CVE-2009-1104)
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1096)
- Gentoo Linux: CVE-2009-1097: Sun JDK/JRE: Multiple vulnerabilities
- SUSE Linux Security Vulnerability: CVE-2009-1097