Integer Signedness Error in Java SE Development Kit and Runtime Environment
CVE-2009-1099

Currently unrated

Key Information:

Vendor: Oracle
Status: Java Runtime Environment; Java Se Development Kit
Vendor: CVE Published:; 25 March 2009

Summary

An integer signedness error in the Java SE Development Kit (JDK) and Java Runtime Environment (JRE) versions 5.0 Update 17 and earlier, along with 6 Update 12 and earlier, allows remote attackers to exploit crafted glyph descriptions in Type1 fonts. This vulnerability may enable unauthorized access to files and the execution of arbitrary code, bypassing checks due to a signed comparison failure, potentially leading to severe security risks for affected systems.

References

http://lists.opensuse.org/opensuse-security-announce/2009...

vendor-advisoryx_refsource_SUSE

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://h20000.www2.hp.com/bizsupport/TechSupport/Document...

vendor-advisoryx_refsource_HP

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 25, 2009
Vulnerability Reserved
Mar 25, 2009