Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-2788

Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow.

Published

2007-05-22T00:30:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
CWE-189

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sun	jdk	1.5.0	Yes
Application	sun	jdk	1.5.0	Yes
Application	sun	jdk	1.5.0	Yes
Application	sun	jdk	1.5.0	Yes
Application	sun	jdk	1.5.0	Yes
Application	sun	jdk	1.5.0	Yes
Application	sun	jdk	1.5.0	Yes
Application	sun	jdk	1.5.0	Yes
Application	sun	jdk	1.5.0	Yes
Application	sun	jdk	1.5.0	Yes
Application	sun	jdk	1.5.0	Yes
Application	sun	jdk	1.6.0	Yes
Application	sun	jre	1.3.1	Yes
Application	sun	jre	1.3.1_2	Yes
Application	sun	jre	1.3.1_03	Yes
Application	sun	jre	1.3.1_04	Yes
Application	sun	jre	1.3.1_05	Yes
Application	sun	jre	1.3.1_06	Yes
Application	sun	jre	1.3.1_07	Yes
Application	sun	jre	1.3.1_08	Yes
Application	sun	jre	1.3.1_09	Yes
Application	sun	jre	1.3.1_10	Yes
Application	sun	jre	1.3.1_11	Yes
Application	sun	jre	1.3.1_12	Yes
Application	sun	jre	1.3.1_13	Yes
Application	sun	jre	1.3.1_14	Yes
Application	sun	jre	1.3.1_15	Yes
Application	sun	jre	1.3.1_16	Yes
Application	sun	jre	1.3.1_17	Yes
Application	sun	jre	1.3.1_18	Yes
Application	sun	jre	1.3.1_19	Yes
Application	sun	jre	1.3.1_20	Yes
Application	sun	jre	1.4.2	Yes
Application	sun	jre	1.4.2_1	Yes
Application	sun	jre	1.4.2_2	Yes
Application	sun	jre	1.4.2_3	Yes
Application	sun	jre	1.4.2_4	Yes
Application	sun	jre	1.4.2_5	Yes
Application	sun	jre	1.4.2_6	Yes
Application	sun	jre	1.4.2_7	Yes
Application	sun	jre	1.4.2_8	Yes
Application	sun	jre	1.4.2_9	Yes
Application	sun	jre	1.4.2_10	Yes
Application	sun	jre	1.4.2_11	Yes
Application	sun	jre	1.4.2_12	Yes
Application	sun	jre	1.4.2_13	Yes
Application	sun	jre	1.4.2_14	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.6.0	Yes
Application	sun	sdk	1.3.1	Yes
Application	sun	sdk	1.3.1_01	Yes
Application	sun	sdk	1.3.1_01a	Yes
Application	sun	sdk	1.3.1_02	Yes
Application	sun	sdk	1.3.1_03	Yes
Application	sun	sdk	1.3.1_04	Yes
Application	sun	sdk	1.3.1_05	Yes
Application	sun	sdk	1.3.1_06	Yes
Application	sun	sdk	1.3.1_07	Yes
Application	sun	sdk	1.3.1_08	Yes
Application	sun	sdk	1.3.1_09	Yes
Application	sun	sdk	1.3.1_10	Yes
Application	sun	sdk	1.3.1_11	Yes
Application	sun	sdk	1.3.1_12	Yes
Application	sun	sdk	1.3.1_13	Yes
Application	sun	sdk	1.3.1_14	Yes
Application	sun	sdk	1.3.1_15	Yes
Application	sun	sdk	1.3.1_16	Yes
Application	sun	sdk	1.3.1_17	Yes
Application	sun	sdk	1.3.1_18	Yes
Application	sun	sdk	1.3.1_19	Yes
Application	sun	sdk	1.3.1_20	Yes
Application	sun	sdk	1.4.2	Yes
Application	sun	sdk	1.4.2_1	Yes
Application	sun	sdk	1.4.2_2	Yes
Application	sun	sdk	1.4.2_3	Yes
Application	sun	sdk	1.4.2_4	Yes
Application	sun	sdk	1.4.2_5	Yes
Application	sun	sdk	1.4.2_6	Yes
Application	sun	sdk	1.4.2_7	Yes
Application	sun	sdk	1.4.2_8	Yes
Application	sun	sdk	1.4.2_9	Yes
Application	sun	sdk	1.4.2_10	Yes
Application	sun	sdk	1.4.2_11	Yes
Application	sun	sdk	1.4.2_12	Yes
Application	sun	sdk	1.4.2_13	Yes
Application	sun	sdk	1.4.2_14	Yes

References

http://dev2dev.bea.com/pub/advisory/248 Third Party Advisory ([email protected])
http://docs.info.apple.com/article.html?artnum=307177 Broken Link ([email protected])
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html Mailing List, Third Party Advisory ([email protected])
http://lists.vmware.com/pipermail/security-announce/2008/000003.html Mailing List, Third Party Advisory ([email protected])
http://scary.beasts.org/security/CESA-2006-004.html Third Party Advisory ([email protected])
http://secunia.com/advisories/25295 Patch, Third Party Advisory ([email protected])
http://secunia.com/advisories/25474 Third Party Advisory ([email protected])
http://secunia.com/advisories/25832 Third Party Advisory ([email protected])
http://secunia.com/advisories/26049 Third Party Advisory ([email protected])
http://secunia.com/advisories/26119 Third Party Advisory ([email protected])
http://secunia.com/advisories/26311 Third Party Advisory ([email protected])
http://secunia.com/advisories/26369 Third Party Advisory ([email protected])
http://secunia.com/advisories/26631 Third Party Advisory ([email protected])
http://secunia.com/advisories/26645 Third Party Advisory ([email protected])
http://secunia.com/advisories/26933 Third Party Advisory ([email protected])
http://secunia.com/advisories/27203 Third Party Advisory ([email protected])
http://secunia.com/advisories/27266 Third Party Advisory ([email protected])
http://secunia.com/advisories/28056 Third Party Advisory ([email protected])
http://secunia.com/advisories/28115 Third Party Advisory ([email protected])
http://secunia.com/advisories/28365 Third Party Advisory ([email protected])
http://secunia.com/advisories/29340 Third Party Advisory ([email protected])
http://secunia.com/advisories/29858 Third Party Advisory ([email protected])
http://secunia.com/advisories/30780 Third Party Advisory ([email protected])
http://secunia.com/advisories/30805 Third Party Advisory ([email protected])
http://security.gentoo.org/glsa/glsa-200706-08.xml Third Party Advisory ([email protected])
http://security.gentoo.org/glsa/glsa-200804-28.xml Third Party Advisory ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1 Broken Link ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200856-1 Broken Link ([email protected])
http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html Third Party Advisory ([email protected])
http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html Third Party Advisory ([email protected])
http://www.attrition.org/pipermail/vim/2007-December/001862.html Third Party Advisory ([email protected])
http://www.attrition.org/pipermail/vim/2007-July/001696.html Third Party Advisory ([email protected])
http://www.attrition.org/pipermail/vim/2007-July/001697.html Third Party Advisory ([email protected])
http://www.attrition.org/pipermail/vim/2007-July/001708.html Third Party Advisory ([email protected])
http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml Third Party Advisory ([email protected])
http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml Third Party Advisory ([email protected])
http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml Third Party Advisory ([email protected])
http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml Third Party Advisory ([email protected])
http://www.kb.cert.org/vuls/id/138545 Third Party Advisory, US Government Resource ([email protected])
http://www.novell.com/linux/security/advisories/2007_45_java.html Third Party Advisory ([email protected])
http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-0817.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-0829.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-0956.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-1086.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-0100.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-0133.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-0261.html Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/24004 Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/24267 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id?1018182 Third Party Advisory, VDB Entry ([email protected])
http://www.vupen.com/english/advisories/2007/1836 Permissions Required ([email protected])
http://www.vupen.com/english/advisories/2007/3009 Permissions Required ([email protected])
http://www.vupen.com/english/advisories/2007/4224 Permissions Required ([email protected])
http://www.vupen.com/english/advisories/2008/0065 Permissions Required ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/34318 Third Party Advisory, VDB Entry ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/34652 Third Party Advisory, VDB Entry ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11700 Third Party Advisory ([email protected])
http://dev2dev.bea.com/pub/advisory/248 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://docs.info.apple.com/article.html?artnum=307177 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.vmware.com/pipermail/security-announce/2008/000003.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://scary.beasts.org/security/CESA-2006-004.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25295 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25474 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25832 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26049 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26119 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26311 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26369 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26631 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26645 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26933 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27203 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27266 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28056 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28115 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28365 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29340 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29858 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/30780 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/30805 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-200706-08.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-200804-28.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200856-1 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.attrition.org/pipermail/vim/2007-December/001862.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.attrition.org/pipermail/vim/2007-July/001696.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.attrition.org/pipermail/vim/2007-July/001697.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.attrition.org/pipermail/vim/2007-July/001708.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/138545 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.novell.com/linux/security/advisories/2007_45_java.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0817.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0829.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0956.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-1086.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-0100.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-0133.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-0261.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/24004 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/24267 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1018182 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/1836 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/3009 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/4224 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/0065 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34318 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34652 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11700 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)