More bugs in Java image processing routines

Two significant security problems have been discovered in Sun's Java Runtime Environment (JRE) and in the associated development environment (JDK / SDK). According to an advisory from the vendor, there are two vulnerabilities in the image processing routines as a result of which untrusted Java applets may be able to obtain unauthorised access to user files and execute arbitrary programs or crash the Java VM (denial of service). The latest version of Java, version 6, and all previous versions for all operating systems are affected.

Sun have fixed both problems in version 6 update 1 and 5.0 update 11. Version 1.3.1_20 fixes the denial of service bug only. Users of version 1.3.x should update to a later major version. No update is available for either bug for Version 1.4, still widely used by developers for reasons of stability. Both vulnerabilities remain unfixed in the current version 1.4.2_14. Other Java implementations, such as those from IBM and Blackdown, may also be affected by the bugs, as they are based on Sun Java. No bug reports have yet been issued by these vendors.

See also:

• Security Vulnerabilities in the Java Runtime Environment Image Parsing Code may Allow a Untrusted Applet to Elevate Privileges, advisory from Sun
• Sun’s JDK executes code from images , report by heise Security

(mba)