National Vulnerability Database

National Vulnerability Database

National Vulnerability

CVE-2009-1099 Detail

Current Description

Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via crafted glyph descriptions in a Type1 font, which bypasses a signed comparison and triggers a buffer overflow.

Source:  MITRE      Last Modified:  03/25/2009      View Analysis Description

Quick Info

CVE Dictionary Entry:
Original release date:
Last revised:


CVSS Severity (version 2.0):
CVSS v2 Base Score:
7.5 HIGH
(AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore:
Exploitability Subscore:
CVSS Version 2 Metrics:
Access Vector:
Network exploitable
Access Complexity:
Not required to exploit
Impact Type:
Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to

Hyperlink Resource Type Source Name External Source HP SSRT090058 External Source IDEFENSE 20090326 Sun Java Runtine Environment (JRE) Type1 Font Parsing Integer Signedness Vulnerability External Source SUSE SUSE-SA:2009:016 External Source SUSE SUSE-SA:2009:029 External Source SUSE SUSE-SR:2009:011 External Source SUSE SUSE-SA:2009:036 External Source HP HPSBUX02429 External Source GENTOO GLSA-200911-02 Patch; Vendor Advisory External Source MISC Patch; Vendor Advisory External Source SUNALERT 254571 External Source CONFIRM External Source CONFIRM External Source CONFIRM External Source REDHAT RHSA-2009:0392 External Source REDHAT RHSA-2009:0394 External Source REDHAT RHSA-2009:1038 External Source BUGTRAQ 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components External Source BID 34240 External Source SECTRACK 1021913 External Source CONFIRM Vendor Advisory External Source VUPEN ADV-2009-1426 Vendor Advisory External Source VUPEN ADV-2009-3316 External Source OVAL oval:org.mitre.oval:def:5726 External Source REDHAT RHSA-2009:1198

References to Check Content

Check System:

Technical Details

Vulnerability Type (View All)

Change History 3 change records found - show changes