Launchpad.net

CVE 2009-3867

Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303.

Related bugs and status

CVE-2009-3867 (Candidate) is related to these bugs:

Bug #420426: sun-java6 6b16 update for karmic, hardy and jaunty

		In	Importance	Status
420426	sun-java6 6b16 update for karmic, hardy and jaunty	sun-java6 (Ubuntu)	Undecided	Fix Released
420426	sun-java6 6b16 update for karmic, hardy and jaunty	sun-java6 (Ubuntu Hardy)	Undecided	Fix Released
420426	sun-java6 6b16 update for karmic, hardy and jaunty	sun-java6 (Ubuntu Jaunty)	Undecided	Fix Released
420426	sun-java6 6b16 update for karmic, hardy and jaunty	sun-java6 (Ubuntu Karmic)	Undecided	Fix Released

Bug #477812: Security update for Sun Java JRE 6: update 17

		In	Importance	Status
477812	Security update for Sun Java JRE 6: update 17	sun-java6 (Ubuntu)	Undecided	Fix Released
477812	Security update for Sun Java JRE 6: update 17	sun-java6 (Debian)	Unknown	Fix Released
477812	Security update for Sun Java JRE 6: update 17	sun-java6 (openSUSE)	Unknown	Unknown
477812	Security update for Sun Java JRE 6: update 17	sun-java6 (Ubuntu Hardy)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2009-3867

Related bugs and status

Related bugs

References