Sun Java Development Kit (JDK) ICC profile integer overflow (ICC_Profile_Generic_Tag_Overflow)

About this signature or vulnerability

Proventia Network IDS, Proventia Network MFS, Proventia-G 1.1 and earlier, Virtual Server Protection for VMware, Proventia Server IPS for Linux technology, RealSecure Server Sensor, Proventia Network IPS, IBM Security Host Protection for Desktops, IBM Security Host Protection for Servers (Windows), IBM Security Network Protection, IBM Security Host Protection for Servers (Unix):

This signature detects a specially crafted ICC (International Color Consortium) profile with an excessively large tag designed to overflow vulnerable ICC decoders.

Default risk level

High

Sensors that have this signature

Proventia Network IDS: XPU 32.020, Proventia Network MFS: XPU 32.020, Proventia-G 1.1 and earlier: XPU 32.020, Virtual Server Protection for VMware: XPU 32.020, Proventia Server IPS for Linux technology: 32.020, RealSecure Server Sensor: XPU 32.020, Proventia Network IPS: XPU 32.020, IBM Security Host Protection for Desktops: 2730, IBM Security Host Protection for Servers (Windows):, IBM Security Network Protection: 5.1, IBM Security Host Protection for Servers (Unix): 2.2.2

Systems affected

Sun JRE: 1.3.1, Gentoo Linux, SuSE Linux Enterprise Server: 8, Novell UnitedLinux: 1.0, SuSE SuSE Linux OpenExchange Server: 4, SUSE SuSE Linux: 9.0, SuSE SuSE Linux School Server, SuSE SuSE Linux Standard Server: 8, SuSE SuSE SLES: 9, Sun JRE: 1.4.2, Sun JRE: 1.5.0, Sun SDK: 1.4.2, Novell Linux Desktop: 9, Novell Open Enterprise: Server, SUSE SuSE Linux: 10.0, Sun JRE: 1.5.0 Update3, RedHat RHEL Extras: 3, RedHat RHEL Extras: 4, Novell SLE SDK: 10, SuSE Linux Enterprise Server: 9, Novell SUSE Linux Enterprise Server: 10, SuSE SuSE Linux Retail Solution: 8, Novell Linux POS: 9, Sun JRE: 1.6.0, Sun JDK: 1.6.0, Sun JDK: 1.5.0 Update10, Sun JRE: 1.5.0 Update7, Sun JRE: 1.5.0 Update8, Sun JRE: 1.5.0 Update9, Sun JRE: 1.5.0 Update10, Sun SDK: 1.4.2_11, Sun SDK: 1.4.2_12, Sun SDK: 1.4.2_13, Sun SDK: 1.4.2_14, Novell SUSE Linux Enterprise Server: 10 SP1, Novell SUSE Linux Enterprise Desktop: 10 SP1, Novell SLE SDK: 10 SP1, RedHat Network Satellite Server: 5.0, RedHat RHEL Desktop Supplementary: 5 Client, RedHat RHEL Supplementary: 5 Server, RedHat RHEL Supplementary: 5.1.z EUS, RedHat RHEL Extras: 4.6.z, RedHat Network Satellite Server: 4.2, Novell Open Enterprise Server, Sun JDK: 1.5.0, Sun JDK: 1.5.0 Update1, Sun JDK: 1.5.0 Update2, Sun JDK: 1.5.0 Update3, Sun JDK: 1.5.0 Update4, Sun JDK: 1.5.0 Update5, Sun JDK: 1.5.0 Update6, Sun JDK: 1.5.0 Update7, Sun JDK: 1.5.0 Update7 B03, Sun JDK: 1.5.0 Update8, Sun JDK: 1.5.0 Update9, Sun JRE: 1.3.1 Update1, Sun JRE: 1.3.1 Update15, Sun JRE: 1.3.1 Update16, Sun JRE: 1.3.1 Update18, Sun JRE: 1.3.1 Update19, Sun JRE: 1.3.1 Update1a, Sun JRE: 1.3.1 Update20, Sun JRE: 1.3.1 Update4, Sun JRE: 1.3.1 Update8, Sun JRE: 1.4.2 Update1, Sun JRE: 1.4.2 Update10, Sun JRE: 1.4.2 Update11, Sun JRE: 1.4.2 Update12, Sun JRE: 1.4.2 Update13, Sun JRE: 1.4.2 Update14, Sun JRE: 1.4.2 Update2, Sun JRE: 1.4.2 Update3, Sun JRE: 1.4.2 Update4, Sun JRE: 1.4.2 Update5, Sun JRE: 1.4.2 Update6, Sun JRE: 1.4.2 Update7, Sun JRE: 1.4.2 Update8, Sun JRE: 1.4.2 Update9, Sun JRE: 1.5.0 Update1, Sun JRE: 1.5.0 Update2, Sun JRE: 1.5.0 Update4, Sun JRE: 1.5.0 Update5, Sun JRE: 1.5.0 Update6, Sun SDK: 1.3.0, Sun SDK: 1.3.1_01, Sun SDK: 1.3.1_01a, Sun SDK: 1.3.1_16, Sun SDK: 1.3.1_18, Sun SDK: 1.3.1_19, Sun SDK: 1.3.1_20, Sun SDK: 1.4.2_03, Sun SDK: 1.4.2_08, Sun SDK: 1.4.2_09, Sun SDK: 1.4.2_10, Novell OpenSUSE: 10.2, Sun SDK: 1.4.2_04, Sun SDK: 1.4.2_02, Sun SDK: 1.4.2_05, Sun SDK: 1.4.2_06, Sun SDK: 1.4.2_07, Sun SDK: 1.4.2_01, Sun SDK: 1.3.1_02, Sun SDK: 1.3.1_04, Sun SDK: 1.3.1_05, Sun SDK: 1.3.1_06, Sun SDK: 1.3.1_07, Sun SDK: 1.3.1_08, Sun SDK: 1.3.1_09, Sun SDK: 1.3.1_10, Sun SDK: 1.3.1_11, Sun SDK: 1.3.1_12, Sun SDK: 1.3.1_13, Sun SDK: 1.3.1_14, Sun SDK: 1.3.1_15, Sun SDK: 1.3.1_17, Sun JRE: 1.3.1 Update2, Sun JRE: 1.3.1 Update3, Sun JRE: 1.3.1 Update5, Sun JRE: 1.3.1 Update6, Sun JRE: 1.3.1 Update7, Sun JRE: 1.3.1 Update9, Sun JRE: 1.3.1 Update10, Sun JRE: 1.3.1 Update11, Sun JRE: 1.3.1 Update12, Sun JRE: 1.3.1 Update13, Sun JRE: 1.3.1 Update14, Sun JRE: 1.3.1 Update17, Sun SDK: 1.3.0_05, Sun SDK: 1.3.0_02, Sun SDK: 1.3.1_03


Unauthorized Access Attempt

Vulnerability description

Sun Java Development Kit (JDK) is vulnerable to an integer overflow, caused by improper bounds checking by the embedded ICC profile image parser. By creating a specially-crafted JPEG or Bitmap image, a remote attacker could execute arbitrary code on the system if the attacker could persuade the victim to view the malicious image.
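
An added example, not part of the original advisory and not code from Sun or IBM: an overflow-safe bounds check on an ICC tag table, the kind of validation whose absence lets an excessively large tag through. The layout (128-byte header, big-endian tag count at offset 128, 12-byte entries of signature/offset/size) is taken from the ICC specification, not from this page; all function names and the sample profile are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ICC_HDR 128u   /* fixed header length (ICC specification) */
#define ICC_ENT 12u    /* tag entry: signature, offset, size (4 bytes each) */

static uint32_t be32(const uint8_t *p) {          /* read big-endian u32 */
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}
static void put32(uint8_t *p, uint32_t v) {       /* write big-endian u32 */
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (24 - 8 * i));
}

/* Hypothetical checker: 0 if every tag lies inside the profile, else a
 * negative code for the first rule that failed. */
int icc_check_tags(const uint8_t *buf, size_t len) {
    if (buf == NULL || len < ICC_HDR + 4u) return -1;    /* no room for tag count */
    uint32_t total = be32(buf);                          /* declared profile size */
    if (total > len || total < ICC_HDR + 4u) return -2;  /* size field disagrees */
    uint32_t count = be32(buf + ICC_HDR);
    /* Divide instead of multiplying so count * 12 cannot wrap. */
    if (count > (total - ICC_HDR - 4u) / ICC_ENT) return -3;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = buf + ICC_HDR + 4u + (size_t)i * ICC_ENT;
        uint32_t off = be32(e + 4), size = be32(e + 8);
        /* "off + size <= total" wraps modulo 2^32 for a huge size and
         * would pass; comparing by subtraction cannot wrap. */
        if (off > total || size > total - off) return -4;
    }
    return 0;
}

/* Constructed sample: 160-byte profile carrying one tag entry (off, size). */
int icc_check_sample(uint32_t off, uint32_t size) {
    uint8_t p[160];
    memset(p, 0, sizeof p);
    put32(p, (uint32_t)sizeof p);  /* profile size */
    put32(p + ICC_HDR, 1);         /* tag count */
    put32(p + 132, 0x64657363u);   /* signature 'desc' */
    put32(p + 136, off); put32(p + 140, size);
    return icc_check_tags(p, sizeof p);
}

int main(void) {
    printf("ok=%d oversized=%d\n", icc_check_sample(144, 16), icc_check_sample(144, 0xFFFFFFF0u));
    return 0;
}
```

With offset 144 and size 0xFFFFFFF0, a 32-bit sum wraps to 128 and would pass a naive `off + size <= total` test; the subtraction form rejects it.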

How to remove this vulnerability

Upgrade to the latest version of Sun JDK (1.5.0_07-b03 or 1.6.0_01-b06 or later), available from the Sun Microsystems Web site. See References.

For Gentoo Linux (Sun JDK/JRE):
Refer to GLSA 200705-23 for patch, upgrade, or suggested workaround information. See References.

For Gentoo Linux (emul-linux-x86-java):
Refer to GLSA 200706-08 for patch, upgrade, or suggested workaround information. See References.

For Gentoo Linux (BEA JRockit):
Refer to GLSA 200709-15 for patch, upgrade, or suggested workaround information. See References.

For other distributions:
Apply the appropriate update for your system. See References.


References

Chris Evans Security Advisory CESA-2006-004
JDK image parsing library vulnerabilities (ICC parsing, BMP parsing)

Sun Microsystems Web site
Java SE Downloads

GLSA 200705-23
Sun JDK/JRE: Multiple vulnerabilities

GLSA 200706-08
emul-linux-x86-java: Multiple vulnerabilities

GLSA 200709-15
BEA JRockit: Multiple vulnerabilities

18 Oct 2007 IBM Java Security problems

Apple Web site
About the security content of Java Release 6 for Mac OS X 10.4

ISS X-Force
Sun Java Development Kit (JDK) ICC profile integer overflow