CVE 2009-3874
Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643.
Related bugs and status
CVE-2009-3874 (Candidate) is related to these bugs:
Bug #359407: Jaunty icedtea6-plugin doesn’t work in Firefox 3.5
Bug | Summary | In | Importance | Status
---|---|---|---|---
359407 | Jaunty icedtea6-plugin doesn’t work in Firefox 3.5 | openjdk-6 (Ubuntu) | High | Fix Released
359407 | Jaunty icedtea6-plugin doesn’t work in Firefox 3.5 | firefox-3.5 (Ubuntu) | High | Invalid
359407 | Jaunty icedtea6-plugin doesn’t work in Firefox 3.5 | iceweasel (Debian) | Unknown | Fix Released
359407 | Jaunty icedtea6-plugin doesn’t work in Firefox 3.5 | Mozilla Firefox | Critical | Invalid
359407 | Jaunty icedtea6-plugin doesn’t work in Firefox 3.5 | firefox-3.5 (Ubuntu Jaunty) | Undecided | Invalid
359407 | Jaunty icedtea6-plugin doesn’t work in Firefox 3.5 | openjdk-6 (Ubuntu Jaunty) | High | Fix Released
Bug #420426: sun-java6 6b16 update for karmic, hardy and jaunty
Bug | Summary | In | Importance | Status
---|---|---|---|---
420426 | sun-java6 6b16 update for karmic, hardy and jaunty | sun-java6 (Ubuntu) | Undecided | Fix Released
420426 | sun-java6 6b16 update for karmic, hardy and jaunty | sun-java6 (Ubuntu Hardy) | Undecided | Fix Released
420426 | sun-java6 6b16 update for karmic, hardy and jaunty | sun-java6 (Ubuntu Jaunty) | Undecided | Fix Released
420426 | sun-java6 6b16 update for karmic, hardy and jaunty | sun-java6 (Ubuntu Karmic) | Undecided | Fix Released
Bug #472845: wrong metric for Chinese font in OpenJDK applications
Bug | Summary | In | Importance | Status
---|---|---|---|---
472845 | wrong metric for Chinese font in OpenJDK applications | openjdk-6 (Ubuntu) | Undecided | Fix Released
472845 | wrong metric for Chinese font in OpenJDK applications | openjdk-6 (Ubuntu Jaunty) | Undecided | Fix Released
472845 | wrong metric for Chinese font in OpenJDK applications | openjdk-6 (Ubuntu Karmic) | Undecided | Fix Released
472845 | wrong metric for Chinese font in OpenJDK applications | openjdk-6 (Ubuntu Lucid) | Undecided | Fix Released
472845 | wrong metric for Chinese font in OpenJDK applications | openjdk-6 (Ubuntu Maverick) | Undecided | Fix Released
Bug #477812: Security update for Sun Java JRE 6: update 17
Bug | Summary | In | Importance | Status
---|---|---|---|---
477812 | Security update for Sun Java JRE 6: update 17 | sun-java6 (Ubuntu) | Undecided | Fix Released
477812 | Security update for Sun Java JRE 6: update 17 | sun-java6 (Debian) | Unknown | Fix Released
477812 | Security update for Sun Java JRE 6: update 17 | sun-java6 (openSUSE) | Unknown | Unknown
477812 | Security update for Sun Java JRE 6: update 17 | sun-java6 (Ubuntu Hardy) | Undecided | Fix Released
Bug #551328: Applets use 100% of CPU
Bug | Summary | In | Importance | Status
---|---|---|---|---
551328 | Applets use 100% of CPU | openjdk-6 (Ubuntu) | Undecided | Fix Released
551328 | Applets use 100% of CPU | OpenJDK | Medium | Invalid
551328 | Applets use 100% of CPU | openjdk-6 (Debian) | Unknown | Fix Released
See the CVE page on Mitre.org for more details.