Description
Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998.
Published: 2009-03-25
Score: 9.3 Critical
EPSS: 7.4% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-1769-1 New openjdk-6 packages fix arbitrary code execution
Ubuntu USN Ubuntu USN USN-748-1 OpenJDK vulnerabilities
References
Link Providers
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133 cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html cve-icon cve-icon
http://marc.info/?l=bugtraq&m=124344236532162&w=2 cve-icon cve-icon
http://secunia.com/advisories/34489 cve-icon cve-icon
http://secunia.com/advisories/34495 cve-icon cve-icon
http://secunia.com/advisories/34496 cve-icon cve-icon
http://secunia.com/advisories/34632 cve-icon cve-icon
http://secunia.com/advisories/34675 cve-icon cve-icon
http://secunia.com/advisories/35156 cve-icon cve-icon
http://secunia.com/advisories/35223 cve-icon cve-icon
http://secunia.com/advisories/35255 cve-icon cve-icon
http://secunia.com/advisories/35416 cve-icon cve-icon
http://secunia.com/advisories/35776 cve-icon cve-icon
http://secunia.com/advisories/36185 cve-icon cve-icon
http://secunia.com/advisories/37386 cve-icon cve-icon
http://secunia.com/advisories/37460 cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-200911-02.xml cve-icon cve-icon
http://sunsolve.sun.com/search/document.do?assetkey=1-26-254571-1 cve-icon cve-icon
http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm cve-icon cve-icon
http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm cve-icon cve-icon
http://www.debian.org/security/2009/dsa-1769 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2009:137 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2009:162 cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2009-0392.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2009-0394.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2009-1038.html cve-icon cve-icon
http://www.securityfocus.com/archive/1/507985/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/bid/34240 cve-icon cve-icon
http://www.securitytracker.com/id?1021913 cve-icon cve-icon
http://www.ubuntu.com/usn/usn-748-1 cve-icon cve-icon
http://www.vmware.com/security/advisories/VMSA-2009-0016.html cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/1426 cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/3316 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2009-1098 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6008 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9956 cve-icon cve-icon
https://rhn.redhat.com/errata/RHSA-2009-0377.html cve-icon cve-icon
https://rhn.redhat.com/errata/RHSA-2009-1198.html cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2009-1098 cve-icon
History

No history.

Subscriptions

Redhat Enterprise Linux Network Satellite Rhel Extras
Sun Jdk Jre Sdk
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-07T04:57:17.770Z

Reserved: 2009-03-25T00:00:00.000Z

Link: CVE-2009-1098

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2009-03-25T23:30:00.313

Modified: 2026-04-23T00:35:47.467

Link: CVE-2009-1098

cve-icon Redhat

Severity : Critical

Publid Date: 2009-03-25T00:00:00Z

Links: CVE-2009-1098 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses