Strix
26.1K

CVE-2009-3872

UnknownEPSS 4.26%

Last modified

CVE-2009-3872 is a vulnerability of currently unknown severity. Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969.. EPSS estimates a 4.26% chance of exploitation in the next 30 days.

Description

Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969.

Metrics

EPSS Probability
4.26%

89.8th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersionsUpdate
SunJdk1.5.0Update 1
SunJdk1.6.0Update 1
SunJre1.5.0Update 1
SunJre1.6.0Update 1
SunJre1.4.2_1
SunJre1.4.2_2
SunJre1.4.2_02
SunJre1.4.2_03
SunJre1.4.2_3
SunJre1.4.2_4
SunJre1.4.2_04
SunJre1.4.2_05
SunJre1.4.2_5
SunJre1.4.2_06
SunJre1.4.2_6
SunJre1.4.2_7
SunJre1.4.2_07
SunJre1.4.2_8
SunJre1.4.2_08
SunJre1.4.2_09
SunJre1.4.2_9
SunJre1.4.2_10
SunJre1.4.2_11
SunJre1.4.2_12
SunJre1.4.2_13
SunJre1.4.2_14
SunJre1.4.2_15
SunJre1.4.2_16
SunJre1.4.2_17
SunJre1.4.2_18
SunJre1.4.2_19
SunJre1.4.2_20
SunJre1.4.2_21
SunJre1.4.2_22
SunSdk1.4.2_01
SunSdk1.4.2_1
SunSdk1.4.2_2
SunSdk1.4.2_02
SunSdk1.4.2_03
SunSdk1.4.2_3
SunSdk1.4.2_04
SunSdk1.4.2_4
SunSdk1.4.2_5
SunSdk1.4.2_05
SunSdk1.4.2_6
SunSdk1.4.2_06
SunSdk1.4.2_07
SunSdk1.4.2_7
SunSdk1.4.2_8
SunSdk1.4.2_08

Showing 50 of 135 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2009-3872?
Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969.
How severe is CVE-2009-3872?
Severity scoring for CVE-2009-3872 is pending analysis. The EPSS model estimates a 4.26% probability of exploitation in the next 30 days.
How do I fix CVE-2009-3872?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2009-3872?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST