Sun’s JDK executes code from images
Due to errors in Sun's Java Development Kit, attackers could execute arbitrary code on, or crash, systems that use the JDK to process images server-side. Chris Evans of the Google Security Team has published an advisory on these vulnerabilities, including links to demonstration files.
Manipulated JPEG images with embedded ICC colour profiles can be used to inject malicious code into the JDK. The profile values are parsed without range checking; excessively large values cause an integer overflow and, as a consequence, a buffer overflow. Under Linux, manipulated BMP files can additionally cause the image parsing thread to hang while it tries to read from /dev/tty.
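The integer-overflow-then-buffer-overflow pattern described above, as an added example in C that is not the JDK's code and not taken from Chris Evans's advisory. It models a simplified ICC-style tag table (a 32-bit big-endian entry count followed by 12-byte entries of signature, offset and size) and bounds-checks one entry twice: once with a naive check whose 32-bit addition can wrap, and once with a check written so that it cannot. The function names, the helper that builds the sample profile and the profile bytes themselves are constructed for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TAG_TABLE_HDR  4u   /* 32-bit entry count */
#define TAG_ENTRY_SIZE 12u  /* signature, offset, size: 32 bits each */

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

static void put32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Naive bounds check of the kind behind this bug class: 'off + size' is
 * computed in uint32_t, so a size close to 2^32 wraps the sum to a small
 * number, the check passes, and a later copy of 'size' bytes would overrun
 * the profile buffer. Returns 1 if entry i would be accepted. No copy is
 * performed here; only the verdict is reported. */
int tag_accepted_unsafe(const uint8_t *profile, uint32_t profile_len, uint32_t i) {
    uint32_t base = TAG_TABLE_HDR + i * TAG_ENTRY_SIZE;
    if (base + TAG_ENTRY_SIZE > profile_len) return 0;
    uint32_t off  = be32(profile + base + 4);
    uint32_t size = be32(profile + base + 8);
    return off + size <= profile_len;        /* wraps for huge sizes */
}

/* Hardened check: never form a sum that can exceed the integer's range.
 * Every comparison is rearranged as "a > limit - b" with b <= limit first
 * established, so no intermediate value can wrap. */
int tag_accepted_safe(const uint8_t *profile, uint32_t profile_len, uint32_t i) {
    if (profile_len < TAG_TABLE_HDR + TAG_ENTRY_SIZE) return 0;
    if (i > (profile_len - TAG_TABLE_HDR - TAG_ENTRY_SIZE) / TAG_ENTRY_SIZE)
        return 0;                            /* entry header outside buffer */
    uint32_t base = TAG_TABLE_HDR + i * TAG_ENTRY_SIZE;
    uint32_t off  = be32(profile + base + 4);
    uint32_t size = be32(profile + base + 8);
    if (size > profile_len) return 0;        /* data longer than whole file */
    if (off > profile_len - size) return 0;  /* same as off+size>len, no wrap */
    return 1;
}

/* Copy tag i's data into 'out' only after the hardened check and an
 * output-size check. Returns bytes copied, or -1 if the entry is rejected. */
long copy_tag_safe(const uint8_t *profile, uint32_t profile_len, uint32_t i,
                   uint8_t *out, size_t out_len) {
    if (!tag_accepted_safe(profile, profile_len, i)) return -1;
    uint32_t base = TAG_TABLE_HDR + i * TAG_ENTRY_SIZE;
    uint32_t off  = be32(profile + base + 4);
    uint32_t size = be32(profile + base + 8);
    if (size > out_len) return -1;
    memcpy(out, profile + off, size);
    return (long)size;
}

/* Constructed 64-byte sample profile: one entry with caller-chosen offset
 * and size; bytes 16..63 are filled with 0xAB as stand-in tag data. */
uint32_t make_sample_profile(uint8_t *buf, size_t buf_len, uint32_t off, uint32_t size) {
    if (buf_len < 64) return 0;
    memset(buf, 0xAB, 64);
    put32(buf + 0, 1);                       /* one tag entry */
    memcpy(buf + 4, "desc", 4);              /* tag signature */
    put32(buf + 8, off);
    put32(buf + 12, size);
    return 64;
}

int main(void) {
    uint8_t buf[64];
    /* Hostile entry: offset 0x10, size 0xFFFFFFF8 -> 32-bit sum wraps to 8 */
    uint32_t n = make_sample_profile(buf, sizeof buf, 0x10, 0xFFFFFFF8u);
    printf("hostile entry: naive check=%d, hardened check=%d\n",
           tag_accepted_unsafe(buf, n, 0), tag_accepted_safe(buf, n, 0));
    /* Benign entry: 8 bytes at offset 16 */
    n = make_sample_profile(buf, sizeof buf, 0x10, 8);
    uint8_t out[16];
    printf("benign entry: copied %ld bytes\n", copy_tag_safe(buf, n, 0, out, sizeof out));
    return 0;
}
```

The benign entry passes both checks; the hostile entry passes the naive check (the 32-bit sum 0x10 + 0xFFFFFFF8 wraps to 8) and is rejected by the hardened one, which is the range check the paragraph above says was missing.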
These bugs affect JDK versions prior to the current releases 1.5.0_11-b03 and 1.6.0_01-b06. The version of an installed JDK can be determined with the command java -fullversion at the command prompt. When installing a newer version, bear in mind that the older version is not uninstalled automatically; administrators should remove it manually.
- JDK image parsing library vulnerabilities (ICC parsing, BMP parsing), advisory by Chris Evans
- Download of the current JDK versions