CVE-2009-3729

JRE TrueType font parsing crash (6815780)

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Unspecified vulnerability in the TrueType font parsing functionality in Sun Java SE 5.0 before Update 22 and 6 before Update 17 allows remote attackers to cause a denial of service (application crash) via a certain test suite, aka Bug Id 6815780.

Vulnerabilidad no especificada en la funcionalidad de análisis sintáctico de fuentes TrueType en Sun Java SE v5.0 anteriores a Update 22 y 6 anteriores a Update 17 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de cierto programa de chequeo, también conocido como Bug Id 6815780.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2009-10-16 CVE Reserved
2009-11-09 CVE Published
2024-08-07 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (7)

URL	Tag	Source
http://secunia.com/advisories/37386	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7537	Signature

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html	2017-09-19
http://java.sun.com/javase/6/webnotes/6u17.html	2017-09-19
http://security.gentoo.org/glsa/glsa-200911-02.xml	2017-09-19
https://bugzilla.redhat.com/show_bug.cgi?id=532904	2009-11-09
https://access.redhat.com/security/cve/CVE-2009-3729	2009-11-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				<= 1.5.0 Search vendor "Sun" for product "Jre" and version " <= 1.5.0"		update_21		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				<= 1.6.0 Search vendor "Sun" for product "Jre" and version " <= 1.6.0"		update_16		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update_1		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update_11		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update_12		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update_13		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update_14		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update_15		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update_16		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update_17		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update_18		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update_19		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update_2		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update_20		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update_3		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update_4		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update_5		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update_6		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update_7		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update_8		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update_9		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.5.0 Search vendor "Sun" for product "Jre" and version "1.5.0"		update10		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0"		update_1		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0"		update_10		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0"		update_11		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0"		update_12		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0"		update_13		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0"		update_14		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0"		update_15		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0"		update_2		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0"		update_3		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0"		update_4		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0"		update_5		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0"		update_6		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0"		update_7		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0"		update_8		Affected
Sun Search vendor "Sun"		Jre Search vendor "Sun" for product "Jre"				1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0"		update_9		Affected