Wednesday, January 17, 2007 10:37 AM cmosby

Sun Java GIF Image Processing Buffer Overflow Vulnerability

Fellow blogger Harry Waldron posted this info to an e-mail list, so I hope he won’t mind me using it.


http://secunia.com/advisories/23757/

http://www.frsirt.com/english/advisories/2007/0211

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1

http://www.zerodayinitiative.com/advisories/ZDI-07-005.html

Rating: Highly critical

QUOTE: A vulnerability has been reported in Sun Java Runtime Environment (JRE), which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error when processing GIF images and can be exploited to cause a heap-based buffer overflow via a specially crafted GIF image with an image width of 0. Successful exploitation allows execution of arbitrary code.

The vulnerability is reported in the following versions:

* JDK and JRE 5.0 Update 9 and prior.

* SDK and JRE 1.4.2_12 and prior.

* SDK and JRE 1.3.1_18 and prior.

Solution: Update to fixed versions.
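As an added illustration (not part of the advisory or the original post), this Python check walks a GIF's block structure and reports any declared width of 0, the condition the advisory names, without decoding pixel data. The function names and sample bytes are constructed for this example, and checking both the logical screen width and each image descriptor width is an assumption about which field "image width" refers to.

```python
import struct

def _skip_sub_blocks(data, pos):
    """Walk length-prefixed sub-blocks; return the offset after the 0x00 terminator."""
    while True:
        size = data[pos]          # IndexError if the file is truncated
        pos += 1
        if size == 0:
            return pos
        pos += size

def zero_width_findings(data):
    """Return findings for a GIF that declares a width of 0 (headers only)."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        return ["not a GIF"]
    findings = []
    try:
        screen_w, _, packed = struct.unpack_from("<HHB", data, 6)
        if screen_w == 0:
            findings.append("logical screen width 0")
        pos = 13                                  # header (6) + screen descriptor (7)
        if packed & 0x80:                         # global colour table present
            pos += 3 * (2 << (packed & 7))
        while True:
            marker, pos = data[pos], pos + 1
            if marker == 0x3B:                    # trailer: end of file
                break
            if marker == 0x21:                    # extension: label, then sub-blocks
                pos = _skip_sub_blocks(data, pos + 1)
            elif marker == 0x2C:                  # image descriptor
                _, _, width, _, ipacked = struct.unpack_from("<HHHHB", data, pos)
                if width == 0:
                    findings.append(f"image descriptor at offset {pos - 1}: width 0")
                pos += 9
                if ipacked & 0x80:                # local colour table present
                    pos += 3 * (2 << (ipacked & 7))
                pos = _skip_sub_blocks(data, pos + 1)   # +1 skips LZW minimum code size
            else:
                findings.append(f"unknown block 0x{marker:02x} at offset {pos - 1}")
                break
    except (IndexError, struct.error):
        findings.append("truncated or malformed structure")
    return findings

def constructed_gif(width):
    """Constructed one-frame sample GIF with the given image-descriptor width."""
    return (b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0x80, 0, 0) + b"\x00\x00\x00\xff\xff\xff"
            + b"\x2c" + struct.pack("<HHHHB", 0, 0, width, 1, 0) + b"\x02\x02\x44\x01\x00\x3b")
```

A check like this can run at a mail or web gateway as a stopgap for hosts still on the affected versions; it does not replace the update.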

 
