Sun Java JRE GIF Image Processing Buffer Overflow Vulnerability


  • Sun Java JRE GIF Image Processing Buffer Overflow Vulnerability

    Secunia Advisory: SA23757
    Release Date: 2007-01-17
    Last Update: 2007-01-18

    Critical: Highly critical
    Impact: System access
    Where: From remote
    Solution Status: Vendor Patch

    A vulnerability has been reported in Sun Java Runtime Environment (JRE), which can be exploited by malicious people to compromise a vulnerable system.

    The vulnerability is caused due to an error when processing GIF images and can be exploited to cause a heap-based buffer overflow via a specially crafted GIF image with an image width of 0.

    Successful exploitation allows execution of arbitrary code.

    The vulnerability is reported in the following versions:
    * JDK and JRE 5.0 Update 9 and prior.
    * SDK and JRE 1.4.2_12 and prior.
    * SDK and JRE 1.3.1_18 and prior.

    Provided and/or discovered by:
    Discovered by an anonymous person and reported via ZDI.

    2007-01-18: Added CVE reference and link to US-CERT.

    Original Advisory:

    Sun Microsystems:


    Other References:
    US-CERT VU#388289:
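The advisory above says the overflow is triggered by a GIF whose image descriptor declares a width of 0. The following is an added example, not code from the advisory, Secunia or Sun: a small structural checker that walks the GIF block layout (header, logical screen descriptor, colour tables, extension blocks, image descriptors) and reports any frame with a zero dimension or one that extends past the logical screen. Such a check is what a content filter or upload scanner could run before handing an image to a decoder. The function names `check_gif` and `build_gif` and the sample GIFs are constructed for this example.

```python
"""GIF structure checker: flags image descriptors with a zero width or height.

Added example (not part of the advisory). Sample GIFs are constructed inline.
"""
import struct


def _color_table_len(packed: int) -> int:
    # Bit 7 of the packed byte says a colour table follows; the low three
    # bits give its size as 2^(n+1) entries of 3 bytes each.
    if not packed & 0x80:
        return 0
    return 3 * (2 ** ((packed & 0x07) + 1))


def _skip_sub_blocks(data: bytes, pos: int) -> int:
    # Data sub-blocks: <len><bytes> ... terminated by a zero-length block.
    while True:
        if pos >= len(data):
            raise ValueError("truncated sub-block chain")
        n = data[pos]
        pos += 1
        if n == 0:
            return pos
        pos += n


def check_gif(data: bytes) -> list:
    """Return a list of findings; an empty list means the structure looks sane."""
    findings = []
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        return ["not a GIF header"]
    screen_w, screen_h, packed = struct.unpack_from("<HHB", data, 6)
    if screen_w == 0 or screen_h == 0:
        findings.append(f"logical screen has zero dimension: {screen_w}x{screen_h}")
    pos = 13 + _color_table_len(packed)   # skip the global colour table if present
    frame = 0
    try:
        while pos < len(data):
            block = data[pos]
            pos += 1
            if block == 0x3B:             # trailer: end of stream
                break
            if block == 0x21:             # extension: label byte, then sub-blocks
                pos = _skip_sub_blocks(data, pos + 1)
            elif block == 0x2C:           # image descriptor
                if pos + 9 > len(data):
                    findings.append("truncated image descriptor")
                    break
                left, top, w, h, ipacked = struct.unpack_from("<HHHHB", data, pos)
                pos += 9
                if w == 0 or h == 0:
                    # The shape of input the advisory describes (width 0).
                    findings.append(f"frame {frame}: zero image dimension {w}x{h}")
                if left + w > screen_w or top + h > screen_h:
                    findings.append(f"frame {frame}: exceeds logical screen")
                pos += _color_table_len(ipacked)   # local colour table, if any
                pos += 1                            # LZW minimum code size byte
                pos = _skip_sub_blocks(data, pos)   # compressed pixel data
                frame += 1
            else:
                findings.append(f"unknown block type 0x{block:02x} at offset {pos - 1}")
                break
        else:
            findings.append("missing trailer")
    except ValueError as exc:
        findings.append(str(exc))
    return findings


def build_gif(width: int, height: int) -> bytes:
    """Construct a minimal GIF89a (1x1 logical screen, one frame) with the
    given declared frame size. Constructed sample data for this example."""
    header = b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0x80, 0, 0)
    palette = b"\x00\x00\x00\xff\xff\xff"                  # 2-entry global colour table
    descriptor = b"\x2c" + struct.pack("<HHHHB", 0, 0, width, height, 0)
    pixels = b"\x02" + b"\x02\x44\x01" + b"\x00"           # min code size, one sub-block, terminator
    return header + palette + descriptor + pixels + b"\x3b"


if __name__ == "__main__":
    print("benign 1x1:", check_gif(build_gif(1, 1)))
    print("zero-width frame:", check_gif(build_gif(0, 1)))
```

The checker only validates declared geometry; it does not decode the LZW data, so it is cheap enough to run on every upload and independent of whichever decoder eventually renders the file.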

  • #2
    How is this relevant to vB? It doesn't allow Java by default, and allowing arbitrary Java is typically a fairly significant privacy/security risk anyway (although it usually can't install viruses without exploits such as this).
    System Administrator, Total War Center

    Developer, MediaWiki


  • #3
    Moved because this has no relevance to vBulletin as it doesn't utilize Sun's Java Environment at all.
    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API