CVE-2010-0846

Publication date 1 April 2010

Last updated 24 July 2024

Ubuntu priority

Description

Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows remote attackers to execute arbitrary code, related to an "invalid assignment" and inconsistent length values in a JPEG image encoder (JPEGImageEncoderImpl).

Status

Show unmaintained releases

Package	Ubuntu Release	Status
openjdk-6	11.04 natty	Not affected
	10.10 maverick	Not affected
	10.04 LTS lucid	Not affected
	9.10 karmic	Not affected
	9.04 jaunty	Not affected
	8.10 intrepid	Ignored end of life, was needed
	8.04 LTS hardy	Not affected
	6.06 LTS dapper	Not in release
sun-java5	11.04 natty	Not in release
	10.10 maverick	Not in release
	10.04 LTS lucid	Not in release
	9.10 karmic	Not in release
	9.04 jaunty	Ignored end of life
	8.10 intrepid	Ignored end of life, was needed
	8.04 LTS hardy	Ignored end of life
	6.06 LTS dapper	Ignored end of life
sun-java6	11.04 natty	Not affected
	10.10 maverick	Not affected
	10.04 LTS lucid	Not affected
	9.10 karmic	Fixed 6.20dlj-0ubuntu1.9.10
	9.04 jaunty	Fixed 6.20dlj-0ubuntu1.9.04
	8.10 intrepid	Ignored end of life, was needs-triage
	8.04 LTS hardy	Fixed 6.20dlj-0ubuntu1.8.04
	6.06 LTS dapper	Not in release

CVE-2010-0846

Description

Status

References

Other references