critical
9.3
CWE
189 119 190
Advisory Published
Updated

CVE-2008-5357: Buffer Overflow

First published: Fri Dec 05 2008(Updated: )

Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file, which triggers a heap-based buffer overflow.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Sun Java Runtime Environment (JRE)=1.3.1
Sun Java Runtime Environment (JRE)=1.3.1_2
Sun Java Runtime Environment (JRE)=1.3.1_03
Sun Java Runtime Environment (JRE)=1.3.1_04
Sun Java Runtime Environment (JRE)=1.3.1_05
Sun Java Runtime Environment (JRE)=1.3.1_06
Sun Java Runtime Environment (JRE)=1.3.1_07
Sun Java Runtime Environment (JRE)=1.3.1_08
Sun Java Runtime Environment (JRE)=1.3.1_09
Sun Java Runtime Environment (JRE)=1.3.1_10
Sun Java Runtime Environment (JRE)=1.3.1_11
Sun Java Runtime Environment (JRE)=1.3.1_12
Sun Java Runtime Environment (JRE)=1.3.1_13
Sun Java Runtime Environment (JRE)=1.3.1_14
Sun Java Runtime Environment (JRE)=1.3.1_15
Sun Java Runtime Environment (JRE)=1.3.1_16
Sun Java Runtime Environment (JRE)=1.3.1_17
Sun Java Runtime Environment (JRE)=1.3.1_18
Sun Java Runtime Environment (JRE)=1.3.1_19
Sun Java Runtime Environment (JRE)=1.3.1_20
Sun Java Runtime Environment (JRE)=1.3.1_21
Sun Java Runtime Environment (JRE)=1.3.1_22
Sun Java Runtime Environment (JRE)=1.3.1_23
Sun Java Runtime Environment (JRE)=1.4.2
Sun Java Runtime Environment (JRE)=1.4.2_1
Sun Java Runtime Environment (JRE)=1.4.2_2
Sun Java Runtime Environment (JRE)=1.4.2_3
Sun Java Runtime Environment (JRE)=1.4.2_4
Sun Java Runtime Environment (JRE)=1.4.2_5
Sun Java Runtime Environment (JRE)=1.4.2_6
Sun Java Runtime Environment (JRE)=1.4.2_7
Sun Java Runtime Environment (JRE)=1.4.2_8
Sun Java Runtime Environment (JRE)=1.4.2_9
Sun Java Runtime Environment (JRE)=1.4.2_10
Sun Java Runtime Environment (JRE)=1.4.2_11
Sun Java Runtime Environment (JRE)=1.4.2_12
Sun Java Runtime Environment (JRE)=1.4.2_13
Sun Java Runtime Environment (JRE)=1.4.2_14
Sun Java Runtime Environment (JRE)=1.4.2_15
Sun Java Runtime Environment (JRE)=1.4.2_16
Sun Java Runtime Environment (JRE)=1.4.2_17
Sun Java Runtime Environment (JRE)=1.4.2_18
Sun Java Runtime Environment (JRE)=1.5.0
Sun Java Runtime Environment (JRE)=1.5.0-update1
Sun Java Runtime Environment (JRE)=1.5.0-update10
Sun Java Runtime Environment (JRE)=1.5.0-update11
Sun Java Runtime Environment (JRE)=1.5.0-update12
Sun Java Runtime Environment (JRE)=1.5.0-update13
Sun Java Runtime Environment (JRE)=1.5.0-update14
Sun Java Runtime Environment (JRE)=1.5.0-update15
Sun Java Runtime Environment (JRE)=1.5.0-update16
Sun Java Runtime Environment (JRE)=1.5.0-update2
Sun Java Runtime Environment (JRE)=1.6.0
Sun Java Runtime Environment (JRE)=1.6.0-update_1
Sun Java Runtime Environment (JRE)=1.6.0-update_10
Sun Java Runtime Environment (JRE)=1.6.0-update_2
Sun Java Runtime Environment (JRE)=1.6.0-update_3
Sun Java Runtime Environment (JRE)=1.6.0-update_4
Sun Java Runtime Environment (JRE)=1.6.0-update_5
Sun Java Runtime Environment (JRE)=1.6.0-update_6
Java Development Kit (JDK)=1.5.0
Java Development Kit (JDK)=1.5.0-update1
Java Development Kit (JDK)=1.5.0-update10
Java Development Kit (JDK)=1.5.0-update2
Java Development Kit (JDK)=1.5.0-update3
Java Development Kit (JDK)=1.5.0-update4
Java Development Kit (JDK)=1.5.0-update5
Java Development Kit (JDK)=1.5.0-update6
Java Development Kit (JDK)=1.5.0-update7
Java Development Kit (JDK)=1.5.0-update7_b03
Java Development Kit (JDK)=1.5.0-update8
Java Development Kit (JDK)=1.5.0-update9
Java Development Kit (JDK)=1.6.0
Java Development Kit (JDK)=1.6.0-update_10
Java Development Kit (JDK)=1.6.0-update_3
Java Development Kit (JDK)=1.6.0-update_4
Java Development Kit (JDK)=1.6.0-update_5
Java Development Kit (JDK)=1.6.0-update_6
Java Development Kit (JDK)=1.6.0-update_7
Java Development Kit (JDK)=1.3.1
Java Development Kit (JDK)=1.3.1_01
Java Development Kit (JDK)=1.3.1_01a
Java Development Kit (JDK)=1.3.1_02
Java Development Kit (JDK)=1.3.1_03
Java Development Kit (JDK)=1.3.1_04
Java Development Kit (JDK)=1.3.1_05
Java Development Kit (JDK)=1.3.1_06
Java Development Kit (JDK)=1.3.1_07
Java Development Kit (JDK)=1.3.1_08
Java Development Kit (JDK)=1.3.1_09
Java Development Kit (JDK)=1.3.1_10
Java Development Kit (JDK)=1.3.1_11
Java Development Kit (JDK)=1.3.1_12
Java Development Kit (JDK)=1.3.1_13
Java Development Kit (JDK)=1.3.1_14
Java Development Kit (JDK)=1.3.1_15
Java Development Kit (JDK)=1.3.1_16
Java Development Kit (JDK)=1.3.1_17
Java Development Kit (JDK)=1.3.1_18
Java Development Kit (JDK)=1.3.1_19
Java Development Kit (JDK)=1.3.1_20
Java Development Kit (JDK)=1.3.1_21
Java Development Kit (JDK)=1.3.1_22
Java Development Kit (JDK)=1.3.1_23
Java Development Kit (JDK)=1.4.2
Java Development Kit (JDK)=1.4.2_1
Java Development Kit (JDK)=1.4.2_2
Java Development Kit (JDK)=1.4.2_02
Java Development Kit (JDK)=1.4.2_03
Java Development Kit (JDK)=1.4.2_3
Java Development Kit (JDK)=1.4.2_04
Java Development Kit (JDK)=1.4.2_4
Java Development Kit (JDK)=1.4.2_5
Java Development Kit (JDK)=1.4.2_6
Java Development Kit (JDK)=1.4.2_7
Java Development Kit (JDK)=1.4.2_8
Java Development Kit (JDK)=1.4.2_08
Java Development Kit (JDK)=1.4.2_09
Java Development Kit (JDK)=1.4.2_9
Java Development Kit (JDK)=1.4.2_10
Java Development Kit (JDK)=1.4.2_11
Java Development Kit (JDK)=1.4.2_12
Java Development Kit (JDK)=1.4.2_13
Java Development Kit (JDK)=1.4.2_14
Java Development Kit (JDK)=1.4.2_15
Java Development Kit (JDK)=1.4.2_16
Java Development Kit (JDK)=1.4.2_17
Java Development Kit (JDK)=1.4.2_18

Remedy

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=760

Remedy

http://sunsolve.sun.com/search/document.do?assetkey=1-26-244987-1

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2008-5357?

    The severity of CVE-2008-5357 is considered high due to its potential for remote code execution.

  • How can I mitigate CVE-2008-5357?

    Mitigation for CVE-2008-5357 includes updating to the latest version of the Java Runtime Environment (JRE) or applying patches provided by the vendor.

  • What versions are affected by CVE-2008-5357?

    CVE-2008-5357 affects Sun JDK and JRE versions prior to update 11 of 6, update 16 of 5.0, and various earlier versions of 1.4.2 and 1.3.1.

  • What type of attack does CVE-2008-5357 allow?

    CVE-2008-5357 allows remote attackers to execute arbitrary code by exploiting an integer overflow associated with a crafted TrueType font file.

  • Is a workaround available for CVE-2008-5357?

    No official workarounds for CVE-2008-5357 are documented; the recommended solution is to update or patch the affected environment.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203