CVE-2007-2788

Published: May 22, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow.

Vendor: n/a

Product: n/a

Versions: n/a (affected)

References

26933 | third-party-advisory | x_refsource_SECUNIA
26049 | third-party-advisory | x_refsource_SECUNIA
BEA07-177.00 | vendor-advisory | x_refsource_BEA
26311 | third-party-advisory | x_refsource_SECUNIA
20070703 Sun JDK Confusion | mailing-list | x_refsource_VIM
sun-java-image-bo(34652) | vdb-entry | x_refsource_XF
200856 | vendor-advisory | x_refsource_SUNALERT
30805 | third-party-advisory | x_refsource_SECUNIA
ADV-2008-0065 | vdb-entry | x_refsource_VUPEN
sunjava-iccprofile-overflow(34318) | vdb-entry | x_refsource_XF
VU#138545 | third-party-advisory | x_refsource_CERT-VN
GLSA-200705-23 | vendor-advisory | x_refsource_GENTOO
24004 | vdb-entry | x_refsource_BID
20071218 Sun JDK Confusion Revisited | mailing-list | x_refsource_VIM
26369 | third-party-advisory | x_refsource_SECUNIA
GLSA-200804-28 | vendor-advisory | x_refsource_GENTOO
102934 | vendor-advisory | x_refsource_SUNALERT
28056 | third-party-advisory | x_refsource_SECUNIA
29858 | third-party-advisory | x_refsource_SECUNIA
SUSE-SA:2007:045 | vendor-advisory | x_refsource_SUSE
ADV-2007-1836 | vdb-entry | x_refsource_VUPEN
APPLE-SA-2007-12-14 | vendor-advisory | x_refsource_APPLE
RHSA-2008:0100 | vendor-advisory | x_refsource_REDHAT
RHSA-2007:0956 | vendor-advisory | x_refsource_REDHAT
RHSA-2007:0817 | vendor-advisory | x_refsource_REDHAT
26645 | third-party-advisory | x_refsource_SECUNIA
26119 | third-party-advisory | x_refsource_SECUNIA
28365 | third-party-advisory | x_refsource_SECUNIA
24267 | vdb-entry | x_refsource_BID
25832 | third-party-advisory | x_refsource_SECUNIA
ADV-2007-4224 | vdb-entry | x_refsource_VUPEN
GLSA-200706-08 | vendor-advisory | x_refsource_GENTOO
30780 | third-party-advisory | x_refsource_SECUNIA
25295 | third-party-advisory | x_refsource_SECUNIA
ADV-2007-3009 | vdb-entry | x_refsource_VUPEN
27266 | third-party-advisory | x_refsource_SECUNIA
SUSE-SA:2007:056 | vendor-advisory | x_refsource_SUSE
20070711 Sun JDK Confusion | mailing-list | x_refsource_VIM
GLSA-200709-15 | vendor-advisory | x_refsource_GENTOO
28115 | third-party-advisory | x_refsource_SECUNIA
1018182 | vdb-entry | x_refsource_SECTRACK
RHSA-2008:0261 | vendor-advisory | x_refsource_REDHAT
29340 | third-party-advisory | x_refsource_SECUNIA
25474 | third-party-advisory | x_refsource_SECUNIA
RHSA-2007:1086 | vendor-advisory | x_refsource_REDHAT
27203 | third-party-advisory | x_refsource_SECUNIA
GLSA-200804-20 | vendor-advisory | x_refsource_GENTOO
GLSA-200806-11 | vendor-advisory | x_refsource_GENTOO
RHSA-2007:0829 | vendor-advisory | x_refsource_REDHAT
26631 | third-party-advisory | x_refsource_SECUNIA
oval:org.mitre.oval:def:11700 | vdb-entry, signature | x_refsource_OVAL
RHSA-2008:0133 | vendor-advisory | x_refsource_REDHAT
