CVE-2008-5357: Buffer Overflow
First published: Fri Dec 05 2008(Updated: )
Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file, which triggers a heap-based buffer overflow.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sun JRE | =1.6.0-update_3 | |
| Sun JRE | =1.4.2_7 | |
| Sun JRE | =1.6.0-update_5 | |
| Sun JRE | =1.4.2_16 | |
| Sun JRE | =1.3.1 | |
| Sun JRE | =1.3.1_10 | |
| Sun JRE | =1.3.1_06 | |
| Sun JRE | =1.4.2_4 | |
| Sun JRE | =1.4.2_2 | |
| Sun JRE | =1.3.1_20 | |
| Sun JRE | =1.3.1_22 | |
| Sun JRE | =1.5.0-update2 | |
| Sun JRE | =1.3.1_2 | |
| Sun JRE | =1.6.0-update_1 | |
| Sun JRE | =1.4.2_15 | |
| Sun JRE | =1.5.0-update13 | |
| Sun JRE | =1.6.0-update_2 | |
| Sun JRE | =1.4.2_13 | |
| Sun JRE | =1.4.2_1 | |
| Sun JRE | =1.4.2_8 | |
| Sun JRE | =1.5.0-update12 | |
| Sun JRE | =1.3.1_16 | |
| Sun JRE | =1.3.1_19 | |
| Sun JRE | =1.6.0-update_6 | |
| Sun JRE | =1.3.1_11 | |
| Sun JRE | =1.3.1_17 | |
| Sun JRE | =1.5.0-update16 | |
| Sun JRE | =1.4.2_12 | |
| Sun JRE | =1.3.1_12 | |
| Sun JRE | =1.3.1_03 | |
| Sun JRE | =1.3.1_14 | |
| Sun JRE | =1.5.0-update11 | |
| Sun JRE | =1.5.0-update15 | |
| Sun JRE | =1.3.1_08 | |
| Sun JRE | =1.6.0-update_10 | |
| Sun JRE | =1.4.2_18 | |
| Sun JRE | =1.4.2_14 | |
| Sun JRE | =1.3.1_07 | |
| Sun JRE | =1.3.1_05 | |
| Sun JRE | =1.4.2_10 | |
| Sun JRE | =1.4.2_17 | |
| Sun JRE | =1.5.0-update14 | |
| Sun JRE | =1.4.2_9 | |
| Sun JRE | =1.4.2 | |
| Sun JRE | =1.3.1_13 | |
| Sun JRE | =1.3.1_04 | |
| Sun JRE | =1.3.1_09 | |
| Sun JRE | =1.4.2_11 | |
| Sun JRE | =1.5.0-update1 | |
| Sun JRE | =1.3.1_18 | |
| Sun JRE | =1.3.1_23 | |
| Sun JRE | =1.5.0-update10 | |
| Sun JRE | =1.3.1_15 | |
| Sun JRE | =1.6.0-update_4 | |
| Sun JRE | =1.4.2_3 | |
| Sun JRE | =1.4.2_5 | |
| Sun JRE | =1.3.1_21 | |
| Sun JRE | =1.4.2_6 | |
| Sun JRE | =1.5.0 | |
| Sun JRE | =1.6.0 | |
| OpenJDK | =1.6.0-update_4 | |
| OpenJDK | =1.6.0-update_7 | |
| OpenJDK | =1.5.0-update3 | |
| OpenJDK | =1.6.0-update_3 | |
| OpenJDK | =1.6.0-update_10 | |
| OpenJDK | =1.5.0-update9 | |
| OpenJDK | =1.6.0-update_5 | |
| OpenJDK | =1.5.0-update6 | |
| OpenJDK | =1.5.0-update1 | |
| OpenJDK | =1.5.0-update4 | |
| OpenJDK | =1.5.0-update7 | |
| OpenJDK | =1.5.0-update5 | |
| OpenJDK | =1.5.0-update7_b03 | |
| OpenJDK | =1.5.0-update2 | |
| OpenJDK | =1.5.0-update8 | |
| OpenJDK | =1.6.0-update_6 | |
| OpenJDK | =1.5.0-update10 | |
| OpenJDK | =1.5.0 | |
| OpenJDK | =1.6.0 | |
| Sun SDK | =1.3.1_03 | |
| Sun SDK | =1.3.1_23 | |
| Sun SDK | =1.4.2 | |
| Sun SDK | =1.3.1_19 | |
| Sun SDK | =1.3.1 | |
| Sun SDK | =1.3.1_08 | |
| Sun SDK | =1.4.2_10 | |
| Sun SDK | =1.4.2_12 | |
| Sun SDK | =1.3.1_15 | |
| Sun SDK | =1.4.2_17 | |
| Sun SDK | =1.4.2_14 | |
| Sun SDK | =1.4.2_04 | |
| Sun SDK | =1.4.2_13 | |
| Sun SDK | =1.4.2_6 | |
| Sun SDK | =1.3.1_07 | |
| Sun SDK | =1.4.2_2 | |
| Sun SDK | =1.3.1_10 | |
| Sun SDK | =1.4.2_5 | |
| Sun SDK | =1.3.1_06 | |
| Sun SDK | =1.4.2_1 | |
| Sun SDK | =1.4.2_18 | |
| Sun SDK | =1.3.1_12 | |
| Sun SDK | =1.4.2_4 | |
| Sun SDK | =1.3.1_20 | |
| Sun SDK | =1.3.1_17 | |
| Sun SDK | =1.3.1_02 | |
| Sun SDK | =1.3.1_18 | |
| Sun SDK | =1.3.1_01 | |
| Sun SDK | =1.3.1_16 | |
| Sun SDK | =1.3.1_01a | |
| Sun SDK | =1.3.1_22 | |
| Sun SDK | =1.3.1_14 | |
| Sun SDK | =1.4.2_7 | |
| Sun SDK | =1.3.1_13 | |
| Sun SDK | =1.4.2_09 | |
| Sun SDK | =1.4.2_8 | |
| Sun SDK | =1.4.2_02 | |
| Sun SDK | =1.4.2_16 | |
| Sun SDK | =1.4.2_11 | |
| Sun SDK | =1.3.1_09 | |
| Sun SDK | =1.4.2_9 | |
| Sun SDK | =1.3.1_04 | |
| Sun SDK | =1.3.1_21 | |
| Sun SDK | =1.4.2_08 | |
| Sun SDK | =1.3.1_05 | |
| Sun SDK | =1.4.2_03 | |
| Sun SDK | =1.4.2_3 | |
| Sun SDK | =1.3.1_11 | |
| Sun SDK | =1.4.2_15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=760
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-244987-1
- http://rhn.redhat.com/errata/RHSA-2008-1025.html
- http://secunia.com/advisories/33015
- http://secunia.com/advisories/32991
- http://rhn.redhat.com/errata/RHSA-2008-1018.html
- http://www.securityfocus.com/bid/32608
- http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html
- http://www.us-cert.gov/cas/techalerts/TA08-340A.html
- http://secunia.com/advisories/33710
- http://secunia.com/advisories/33187
- http://support.avaya.com/elmodocs2/security/ASA-2008-485.htm
- http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html
- http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm
- http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=
- http://www.redhat.com/support/errata/RHSA-2009-0016.html
- http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf
- http://secunia.com/advisories/34233
- http://secunia.com/advisories/34259
- http://www.vupen.com/english/advisories/2009/0672
- http://marc.info/?l=bugtraq&m=123678756409861&w=2
- http://secunia.com/advisories/34447
- http://www.redhat.com/support/errata/RHSA-2009-0369.html
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html
- http://secunia.com/advisories/34605
- http://secunia.com/advisories/35065
- http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
- http://secunia.com/advisories/34972
- https://rhn.redhat.com/errata/RHSA-2009-0466.html
- http://osvdb.org/50517
- http://security.gentoo.org/glsa/glsa-200911-02.xml
- http://secunia.com/advisories/37386
- http://secunia.com/advisories/38539
- http://www.vupen.com/english/advisories/2008/3339
- http://marc.info/?l=bugtraq&m=126583436323697&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47050
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6505
Frequently Asked Questions
What is the severity of CVE-2008-5357?
The severity of CVE-2008-5357 is considered high due to its potential for remote code execution.
How can I mitigate CVE-2008-5357?
Mitigation for CVE-2008-5357 includes updating to the latest version of the Java Runtime Environment (JRE) or applying patches provided by the vendor.
What versions are affected by CVE-2008-5357?
CVE-2008-5357 affects Sun JDK and JRE versions prior to update 11 of 6, update 16 of 5.0, and various earlier versions of 1.4.2 and 1.3.1.
What type of attack does CVE-2008-5357 allow?
CVE-2008-5357 allows remote attackers to execute arbitrary code by exploiting an integer overflow associated with a crafted TrueType font file.
Is a workaround available for CVE-2008-5357?
No official workarounds for CVE-2008-5357 are documented; the recommended solution is to update or patch the affected environment.
- agent/softwarecombine
- agent/remedy
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/sun
- canonical/sun jre
- version/sun jre/1.6.0-update_3
- version/sun jre/1.4.2_7
- version/sun jre/1.6.0-update_5
- version/sun jre/1.4.2_16
- version/sun jre/1.3.1
- version/sun jre/1.3.1_10
- version/sun jre/1.3.1_06
- version/sun jre/1.4.2_4
- version/sun jre/1.4.2_2
- version/sun jre/1.3.1_20
- version/sun jre/1.3.1_22
- version/sun jre/1.5.0-update2
- version/sun jre/1.3.1_2
- version/sun jre/1.6.0-update_1
- version/sun jre/1.4.2_15
- version/sun jre/1.5.0-update13
- version/sun jre/1.6.0-update_2
- version/sun jre/1.4.2_13
- version/sun jre/1.4.2_1
- version/sun jre/1.4.2_8
- version/sun jre/1.5.0-update12
- version/sun jre/1.3.1_16
- version/sun jre/1.3.1_19
- version/sun jre/1.6.0-update_6
- version/sun jre/1.3.1_11
- version/sun jre/1.3.1_17
- version/sun jre/1.5.0-update16
- version/sun jre/1.4.2_12
- version/sun jre/1.3.1_12
- version/sun jre/1.3.1_03
- version/sun jre/1.3.1_14
- version/sun jre/1.5.0-update11
- version/sun jre/1.5.0-update15
- version/sun jre/1.3.1_08
- version/sun jre/1.6.0-update_10
- version/sun jre/1.4.2_18
- version/sun jre/1.4.2_14
- version/sun jre/1.3.1_07
- version/sun jre/1.3.1_05
- version/sun jre/1.4.2_10
- version/sun jre/1.4.2_17
- version/sun jre/1.5.0-update14
- version/sun jre/1.4.2_9
- version/sun jre/1.4.2
- version/sun jre/1.3.1_13
- version/sun jre/1.3.1_04
- version/sun jre/1.3.1_09
- version/sun jre/1.4.2_11
- version/sun jre/1.5.0-update1
- version/sun jre/1.3.1_18
- version/sun jre/1.3.1_23
- version/sun jre/1.5.0-update10
- version/sun jre/1.3.1_15
- version/sun jre/1.6.0-update_4
- version/sun jre/1.4.2_3
- version/sun jre/1.4.2_5
- version/sun jre/1.3.1_21
- version/sun jre/1.4.2_6
- version/sun jre/1.5.0
- version/sun jre/1.6.0
- canonical/openjdk
- version/openjdk/1.6.0-update_4
- version/openjdk/1.6.0-update_7
- version/openjdk/1.5.0-update3
- version/openjdk/1.6.0-update_3
- version/openjdk/1.6.0-update_10
- version/openjdk/1.5.0-update9
- version/openjdk/1.6.0-update_5
- version/openjdk/1.5.0-update6
- version/openjdk/1.5.0-update1
- version/openjdk/1.5.0-update4
- version/openjdk/1.5.0-update7
- version/openjdk/1.5.0-update5
- version/openjdk/1.5.0-update7_b03
- version/openjdk/1.5.0-update2
- version/openjdk/1.5.0-update8
- version/openjdk/1.6.0-update_6
- version/openjdk/1.5.0-update10
- version/openjdk/1.5.0
- version/openjdk/1.6.0
- canonical/sun sdk
- version/sun sdk/1.3.1_03
- version/sun sdk/1.3.1_23
- version/sun sdk/1.4.2
- version/sun sdk/1.3.1_19
- version/sun sdk/1.3.1
- version/sun sdk/1.3.1_08
- version/sun sdk/1.4.2_10
- version/sun sdk/1.4.2_12
- version/sun sdk/1.3.1_15
- version/sun sdk/1.4.2_17
- version/sun sdk/1.4.2_14
- version/sun sdk/1.4.2_04
- version/sun sdk/1.4.2_13
- version/sun sdk/1.4.2_6
- version/sun sdk/1.3.1_07
- version/sun sdk/1.4.2_2
- version/sun sdk/1.3.1_10
- version/sun sdk/1.4.2_5
- version/sun sdk/1.3.1_06
- version/sun sdk/1.4.2_1
- version/sun sdk/1.4.2_18
- version/sun sdk/1.3.1_12
- version/sun sdk/1.4.2_4
- version/sun sdk/1.3.1_20
- version/sun sdk/1.3.1_17
- version/sun sdk/1.3.1_02
- version/sun sdk/1.3.1_18
- version/sun sdk/1.3.1_01
- version/sun sdk/1.3.1_16
- version/sun sdk/1.3.1_01a
- version/sun sdk/1.3.1_22
- version/sun sdk/1.3.1_14
- version/sun sdk/1.4.2_7
- version/sun sdk/1.3.1_13
- version/sun sdk/1.4.2_09
- version/sun sdk/1.4.2_8
- version/sun sdk/1.4.2_02
- version/sun sdk/1.4.2_16
- version/sun sdk/1.4.2_11
- version/sun sdk/1.3.1_09
- version/sun sdk/1.4.2_9
- version/sun sdk/1.3.1_04
- version/sun sdk/1.3.1_21
- version/sun sdk/1.4.2_08
- version/sun sdk/1.3.1_05
- version/sun sdk/1.4.2_03
- version/sun sdk/1.4.2_3
- version/sun sdk/1.3.1_11
- version/sun sdk/1.4.2_15