CVE-2008-5357

Severity

93%

Complexity

86%

Confidentiality

165%

Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file, which triggers a heap-based buffer overflow.

Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file, which triggers a heap-based buffer overflow.

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

First reported 16 years ago

2008-12-05 11:30:00

Last updated 5 years ago

2019-10-09 22:56:00

Affected Software

Sun J2RE 1.3.1

1.3.1

Sun JRE 1.3.1_2

1.3.1_2

Sun JRE 1.3.1_03

1.3.1_03

Sun JRE 1.3.1_04

1.3.1_04

Sun JRE 1.3.1_05

1.3.1_05

Sun JRE 1.3.1_06

1.3.1_06

Sun JRE 1.3.1_07

1.3.1_07

Sun JRE 1.3.1_08

1.3.1_08

Sun JRE 1.3.1_09

1.3.1_09

Sun JRE 1.3.1_10

1.3.1_10

Sun JRE 1.3.1_11

1.3.1_11

Sun JRE 1.3.1_12

1.3.1_12

Sun JRE 1.3.1_13

1.3.1_13

Sun JRE 1.3.1_14

1.3.1_14

Sun JRE 1.3.1_15

1.3.1_15

Sun JRE 1.3.1_16

1.3.1_16

Sun JRE 1.3.1_17

1.3.1_17

Sun JRE 1.3.1_18

1.3.1_18

Sun JRE 1.3.1_19

1.3.1_19

Sun JRE 1.3.1_20

1.3.1_20

Sun JRE 1.3.1_21

1.3.1_21

Sun JRE 1.3.1_22

1.3.1_22

Sun JRE 1.3.1_23

1.3.1_23

Sun JRE 1.4.2

1.4.2

Sun JRE 1.4.2_1

1.4.2_1

Sun JRE 1.4.2_2

1.4.2_2

Sun JRE 1.4.2_3

1.4.2_3

Sun JRE 1.4.2_4

1.4.2_4

Sun JRE 1.4.2_5

1.4.2_5

Sun JRE 1.4.2_6

1.4.2_6

Sun JRE 1.4.2_7

1.4.2_7

Sun JRE 1.4.2_8

1.4.2_8

Sun JRE 1.4.2_9

1.4.2_9

Sun JRE 1.4.2_10

1.4.2_10

Sun JRE 1.4.2_11

1.4.2_11

Sun JRE 1.4.2_12

1.4.2_12

Sun JRE 1.4.2_13

1.4.2_13

Sun JRE 1.4.2_14

1.4.2_14

Sun JRE 1.4.2_15

1.4.2_15

Sun JRE 1.4.2_16

1.4.2_16

Sun JRE 1.4.2_17

1.4.2_17

Sun JRE 1.4.2_18

1.4.2_18

Sun JRE 1.5.0

1.5.0

Sun JRE 1.5.0_1 (JRE 5.0 Update 1)

1.5.0

Sun JRE 1.5.0_10 (JRE 5.0 Update 10)

1.5.0

Sun JRE 1.5.0_11 (JRE 5.0 Update 11)

1.5.0

Sun JRE 1.5.0_12 (JRE 5.0 Update 12)

1.5.0

Sun JRE 1.5.0_13 (JRE 5.0 Update 13)

1.5.0

Sun JRE 1.5.0_14 (JRE 5.0 Update 14)

1.5.0

Sun JRE 1.5.0_15 (JRE 5.0 Update 15)

1.5.0

Sun JRE 1.5.0_16 (JRE 5.0 Update 16)

1.5.0

Sun JRE 1.5.0_2 (JRE 5.0 Update 2)

1.5.0

Sun JRE 1.6.0

1.6.0

Sun JRE 1.6.0 Update 1

1.6.0

Sun JRE 1.6.0 Update 10

1.6.0

Sun JRE 1.6.0 Update 2

1.6.0

Sun JRE 1.6.0 Update 3

1.6.0

Sun JRE 1.6.0 Update 4

1.6.0

Sun JRE 1.6.0 Update 5

1.6.0

Sun JRE 1.6.0 Update 6

1.6.0

Sun JDK 1.5.0

1.5.0

Sun JDK 5.0 Update1

1.5.0

Sun JDK 5.0 Update10

1.5.0

Sun JDK 5.0 Update2

1.5.0

Sun JDK 5.0 Update3

1.5.0

Sun JDK 5.0 Update4

1.5.0

Sun JDK 5.0 Update5

1.5.0

Sun JDK 1.5.0_6

1.5.0

Sun JDK 5.0 Update7

1.5.0

Sun JDK 1.5 _07-b03

1.5.0

Sun JDK 5.0 Update8

1.5.0

Sun JDK 5.0 Update9

1.5.0

Sun JDK 1.6.0

1.6.0

Sun JDK 1.6.0 Update 10

1.6.0

Sun JDK 1.6.0 Update 3

1.6.0

Sun JDK 1.6.0 Update 4

1.6.0

Sun JDK 1.6.0 Update 5

1.6.0

Sun JDK 1.6.0 Update 6

1.6.0

Sun JDK 1.6.0 Update 7

1.6.0

Sun SDK 1.3.1

1.3.1

Sun SDK 1.3.1_01

1.3.1_01

Sun SDK 1.3.1_01a

1.3.1_01a

Sun SDK 1.3.1_02

1.3.1_02

Sun SDK 1.3.1_03

1.3.1_03

Sun SDK 1.3.1_04

1.3.1_04

Sun SDK 1.3.1_05

1.3.1_05

Sun SDK 1.3.1_06

1.3.1_06

Sun SDK 1.3.1_07

1.3.1_07

Sun SDK 1.3.1_08

1.3.1_08

Sun SDK 1.3.1_09

1.3.1_09

Sun SDK 1.3.1_10

1.3.1_10

Sun SDK 1.3.1_11

1.3.1_11

Sun SDK 1.3.1_12

1.3.1_12

Sun SDK 1.3.1_13

1.3.1_13

Sun SDK 1.3.1_14

1.3.1_14

Sun SDK 1.3.1_15

1.3.1_15

Sun SDK 1.3.1_16

1.3.1_16

Sun SDK 1.3.1_17

1.3.1_17

Sun SDK 1.3.1_18

1.3.1_18

Sun SDK 1.3.1_19

1.3.1_19

Sun SDK 1.3.1_20

1.3.1_20

Sun SDK 1.3.1_21

1.3.1_21

Sun SDK 1.3.1_22

1.3.1_22

Sun SDK 1.3.1_23

1.3.1_23

SDK 1.4.2

1.4.2

Sun SDK 1.4.2_1

1.4.2_1

SDK 1.4.2_02

1.4.2_02

Sun SDK 1.4.2_2

1.4.2_2

SDK 1.4.2_03

1.4.2_03

Sun SDK 1.4.2_3

1.4.2_3

SDK 1.4.2_04

1.4.2_04

Sun SDK 1.4.2_4

1.4.2_4

Sun SDK 1.4.2_5

1.4.2_5

Sun SDK 1.4.2_6

1.4.2_6

Sun SDK 1.4.2_7

1.4.2_7

Sun SDK 1.4.2_08

1.4.2_08

Sun SDK 1.4.2_8

1.4.2_8

Sun SDK 1.4.2_09

1.4.2_09

Sun SDK 1.4.2_9

1.4.2_9

Sun SDK 1.4.2_10

1.4.2_10

Sun SDK 1.4.2_11

1.4.2_11

Sun SDK 1.4.2_12

1.4.2_12

Sun SDK 1.4.2_13

1.4.2_13

Sun SDK 1.4.2_14

1.4.2_14

Sun SDK 1.4.2_15

1.4.2_15

Sun SDK 1.4.2_16

1.4.2_16

Sun SDK1.4.2_17

1.4.2_17

Sun SDK1.4.2_18

1.4.2_18

References

20081204 Sun Java JRE TrueType Font Parsing Integer Overflow Vulnerability

Patch, Vendor Advisory

SUSE-SA:2009:007

Mailing List, Third Party Advisory

SUSE-SR:2009:006

Mailing List, Third Party Advisory

SUSE-SA:2009:018

Mailing List, Third Party Advisory

SUSE-SR:2009:010

Mailing List, Third Party Advisory

SSRT080111

Mailing List, Third Party Advisory

SSRT090049

Mailing List, Third Party Advisory

50517

Broken Link

RHSA-2008:1018

Third Party Advisory

RHSA-2008:1025

Third Party Advisory

32991

Third Party Advisory

33015

Third Party Advisory

33187

Third Party Advisory

33710

Third Party Advisory

34233

Third Party Advisory

34259

Third Party Advisory

34447

Third Party Advisory

34605

Third Party Advisory

34972

Third Party Advisory

35065

Third Party Advisory

37386

Third Party Advisory

38539

Third Party Advisory

GLSA-200911-02

Third Party Advisory

244987

Patch, Vendor Advisory

http://support.avaya.com/elmodocs2/security/ASA-2008-485.htm

Third Party Advisory

http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm

Third Party Advisory

http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=

Third Party Advisory

RHSA-2009:0016

Third Party Advisory

RHSA-2009:0369

Third Party Advisory

32608

Third Party Advisory, VDB Entry

TA08-340A

Third Party Advisory, US Government Resource

ADV-2008-3339

Third Party Advisory

ADV-2009-0672

Third Party Advisory

http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf

Third Party Advisory

jre-font-privilege-escalation(47050)

Third Party Advisory, VDB Entry

oval:org.mitre.oval:def:6505

Third Party Advisory

RHSA-2009:0466

Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.