Vulnerability Name:

CVE-2007-2788 (CCN-34318)

Assigned:2007-05-15
Published:2007-05-15
Updated:2019-08-01
Summary:Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow.
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-189
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2007-2788

Source: BEA
Type: Third Party Advisory
BEA07-177.00

Source: CCN
Type: Apple Web site
About the security content of Java Release 6 for Mac OS X 10.4

Source: MISC
Type: Broken Link
http://docs.info.apple.com/article.html?artnum=307177

Source: CCN
Type: Sun Microsystems Web site
Java SE Downloads

Source: APPLE
Type: Mailing List, Third Party Advisory
APPLE-SA-2007-12-14

Source: MLIST
Type: Mailing List, Third Party Advisory
[Security-announce] 20080107 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1

Source: CCN
Type: RHSA-2007-0817
Critical: java-1.4.2-ibm security update

Source: CCN
Type: RHSA-2007-0829
Critical: java-1.5.0-ibm security update

Source: CCN
Type: RHSA-2007-0956
Moderate: java-1.5.0-bea security update

Source: CCN
Type: RHSA-2007-1086
Moderate: java-1.4.2-bea security update

Source: CCN
Type: RHSA-2008-0100
Moderate: java-1.4.2-bea security update

Source: CCN
Type: RHSA-2008-0261
Moderate: Red Hat Network Satellite Server security update

Source: CCN
Type: RHSA-2008-0524
Low: Red Hat Network Satellite Server security update

Source: CCN
Type: Chris Evans Security Advisory CESA-2006-004
JDK image parsing library vulnerabilities (ICC parsing, BMP parsing)

Source: MISC
Type: Third Party Advisory
http://scary.beasts.org/security/CESA-2006-004.html

Source: CCN
Type: SA25295
Sun JDK and JRE ICC and BMP Parser Vulnerabilities

Source: SECUNIA
Type: Patch, Third Party Advisory
25295

Source: SECUNIA
Type: Third Party Advisory
25474

Source: SECUNIA
Type: Third Party Advisory
25832

Source: SECUNIA
Type: Third Party Advisory
26049

Source: SECUNIA
Type: Third Party Advisory
26119

Source: SECUNIA
Type: Third Party Advisory
26311

Source: SECUNIA
Type: Third Party Advisory
26369

Source: CCN
Type: SA26631
BEA JRockit Multiple Vulnerabilities

Source: SECUNIA
Type: Third Party Advisory
26631

Source: SECUNIA
Type: Third Party Advisory
26645

Source: SECUNIA
Type: Third Party Advisory
26933

Source: SECUNIA
Type: Third Party Advisory
27203

Source: SECUNIA
Type: Third Party Advisory
27266

Source: SECUNIA
Type: Third Party Advisory
28056

Source: CCN
Type: SA28115
Mac OS X Java Multiple Vulnerabilities

Source: SECUNIA
Type: Third Party Advisory
28115

Source: CCN
Type: SA28365
VMware ESX Server and VirtualCenter Multiple Security Updates

Source: SECUNIA
Type: Third Party Advisory
28365

Source: SECUNIA
Type: Third Party Advisory
29340

Source: SECUNIA
Type: Third Party Advisory
29858

Source: SECUNIA
Type: Third Party Advisory
30780

Source: SECUNIA
Type: Third Party Advisory
30805

Source: GENTOO
Type: Third Party Advisory
GLSA-200706-08

Source: GENTOO
Type: Third Party Advisory
GLSA-200804-28

Source: CCN
Type: SECTRACK ID: 1018182
Sun Java Runtime Environment Buffer Overflow in Applet Image Parsing Lets Remote Users Gain Privileges

Source: SUNALERT
Type: Broken Link
102934

Source: SUNALERT
Type: Broken Link
200856

Source: CCN
Type: ASA-2007-343
java-1.5.0-ibm security update (RHSA-2007-0829)

Source: CCN
Type: ASA-2007-465
java-1.5.0-bea security update (RHSA-2007-0956)

Source: CCN
Type: ASA-2007-517
java-1.4.2-bea security update (RHSA-2007-1086)

Source: CCN
Type: ASA-2008-116
java-1.4.2-bea security update (RHSA-2008-0100)

Source: CONFIRM
Type: Third Party Advisory
http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html

Source: CONFIRM
Type: Third Party Advisory
http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html

Source: VIM
Type: Third Party Advisory
20071218 Sun JDK Confusion Revisited

Source: VIM
Type: Third Party Advisory
20070703 Sun JDK Confusion

Source: VIM
Type: Third Party Advisory
20070704 [theall at tenablesecurity.com: Sun JDK Confusion] (fwd)

Source: VIM
Type: Third Party Advisory
20070711 Sun JDK Confusion

Source: CCN
Type: GLSA 200804-28
JRockit: Multiple vulnerabilities

Source: CCN
Type: GLSA-200705-23
Sun JDK/JRE: Multiple vulnerabilities

Source: GENTOO
Type: Third Party Advisory
GLSA-200705-23

Source: CCN
Type: GLSA-200706-08
emul-linux-x86-java: Multiple vulnerabilities

Source: CCN
Type: GLSA-200709-15
BEA JRockit: Multiple vulnerabilities

Source: GENTOO
Type: Third Party Advisory
GLSA-200709-15

Source: CCN
Type: GLSA-200804-20
Sun JDK/JRE: Multiple vulnerabilities

Source: GENTOO
Type: Third Party Advisory
GLSA-200804-20

Source: GENTOO
Type: Third Party Advisory
GLSA-200806-11

Source: CCN
Type: US-CERT VU#138545
Java Runtime Environment Image Parsing Code buffer overflow vulnerability

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#138545

Source: SUSE
Type: Third Party Advisory
SUSE-SA:2007:045

Source: SUSE
Type: Third Party Advisory
SUSE-SA:2007:056

Source: REDHAT
Type: Third Party Advisory
RHSA-2007:0817

Source: REDHAT
Type: Third Party Advisory
RHSA-2007:0829

Source: REDHAT
Type: Third Party Advisory
RHSA-2007:0956

Source: REDHAT
Type: Third Party Advisory
RHSA-2007:1086

Source: REDHAT
Type: Third Party Advisory
RHSA-2008:0100

Source: REDHAT
Type: Third Party Advisory
RHSA-2008:0133

Source: REDHAT
Type: Third Party Advisory
RHSA-2008:0261

Source: BID
Type: Third Party Advisory, VDB Entry
24004

Source: CCN
Type: BID-24004
Sun JDK JPG/BMP Parser Multiple Vulnerabilities

Source: BID
Type: Third Party Advisory, VDB Entry
24267

Source: CCN
Type: BID-24267
RETIRED: Sun Java Runtime Environment Image Parsing Buffer Overflow Vulnerability

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1018182

Source: VUPEN
Type: Permissions Required
ADV-2007-1836

Source: VUPEN
Type: Permissions Required
ADV-2007-3009

Source: VUPEN
Type: Permissions Required
ADV-2007-4224

Source: VUPEN
Type: Permissions Required
ADV-2008-0065

Source: XF
Type: Third Party Advisory, VDB Entry
sunjava-iccprofile-overflow(34318)

Source: XF
Type: UNKNOWN
sunjava-iccprofile-overflow(34318)

Source: XF
Type: Third Party Advisory, VDB Entry
sun-java-image-bo(34652)

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:11700

Source: SUSE
Type: SUSE-SA:2007:045
IBM and Sun Java security problems

Source: SUSE
Type: SUSE-SA:2007:056
IBM Java Security problems

Vulnerable Configuration:Configuration 1:
  • cpe:/a:sun:jdk:1.5.0:-:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update1:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update10:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update2:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update3:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update4:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update5:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update6:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update7:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update8:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update9:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:-:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/a:sun:jre:1.3.1:-:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1_2:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1_03:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1_04:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1_05:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1_06:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1_07:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1_08:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1_09:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1_10:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1_11:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1_12:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1_13:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1_14:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1_15:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1_16:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1_17:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1_18:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1_19:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1_20:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2:-:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2_1:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2_2:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2_3:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2_4:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2_5:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2_6:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2_7:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2_8:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2_9:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2_10:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2_11:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2_12:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2_13:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2_14:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:-:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update1:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update10:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update2:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update3:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update4:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update5:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update6:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update7:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update8:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update9:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:-:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/a:sun:sdk:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_02:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_03:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_04:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_05:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_06:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_07:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_08:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_09:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_10:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_11:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_12:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_13:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_14:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_15:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_17:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_19:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_20:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_2:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/a:redhat:rhel_extras:3:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:sun:jre:1.3.1:-:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2:-:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:-:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update3:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:-:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:-:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update10:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update7:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update8:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update9:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update10:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:-:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update1:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update2:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update3:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update4:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update5:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update6:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update7:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update7_b03:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update8:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update9:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1:update1:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1:update15:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1:update16:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1:update18:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1:update19:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1:update1a:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1:update20:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1:update4:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1:update8:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2:update1:linux:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2:update2:linux:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2:update3:linux:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2:update4:linux:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2:update5:linux:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update1:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update2:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update4:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update5:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update6:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_19:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_20:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_03:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_08:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_09:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_04:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_05:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_06:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_07:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_01:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_02:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_04:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_05:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_06:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_07:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_08:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_09:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_10:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_11:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_12:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_13:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_14:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_15:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_17:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1:update2:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1:update12:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1:update17:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.0_05:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.0_02:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_03:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_school_server:-:*:*:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*
  • OR cpe:/a:redhat:rhel_extras:3:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
  • OR cpe:/o:novell:suse_linux_enterprise_server:10:sp2:itanium_ia64:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20072788
    V
    CVE-2007-2788
    2022-05-20
    oval:org.opensuse.security:def:31750
    P
    Security update for java-1_7_1-ibm (Moderate) (in QA)
    2022-01-04
    oval:org.opensuse.security:def:31701
    P
    Security update for pcre (Moderate)
    2021-11-10
    oval:org.opensuse.security:def:42127
    P
    Security update for glibc (Moderate)
    2021-10-12
    oval:org.opensuse.security:def:31274
    P
    Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)
    2021-09-23
    oval:org.opensuse.security:def:31253
    P
    Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)
    2021-08-25
    oval:org.opensuse.security:def:31645
    P
    Security update for ovmf (Important)
    2021-06-22
    oval:org.opensuse.security:def:31642
    P
    Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:31200
    P
    Security update for java-1_8_0-openjdk (Moderate)
    2021-06-15
    oval:org.opensuse.security:def:31188
    P
    Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important)
    2021-06-04
    oval:org.opensuse.security:def:31189
    P
    Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)
    2021-06-04
    oval:org.opensuse.security:def:26047
    P
    Security update for xen (Important)
    2021-05-12
    oval:org.opensuse.security:def:31345
    P
    Security update for krb5-appl (Important)
    2021-02-19
    oval:org.opensuse.security:def:32008
    P
    Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)
    2020-12-07
    oval:org.opensuse.security:def:35720
    P
    java-1_4_2-ibm-1.4.2_sr13.10-0.4.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:41974
    P
    java-1_4_2-ibm-1.4.2_sr13.3-1.1.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:35567
    P
    java-1_4_2-ibm-1.4.2_sr13.3-1.1.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:31903
    P
    Security update for fontconfig (Low)
    2020-12-01
    oval:org.opensuse.security:def:25119
    P
    Security update for libssh2_org (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25748
    P
    Security update for ImageMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25697
    P
    Security update for ImageMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26720
    P
    java-1_4_2-ibm on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31855
    P
    Security update for crash (Low)
    2020-12-01
    oval:org.opensuse.security:def:31942
    P
    Security update for gnome-session (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25130
    P
    Security update for ntp (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25797
    P
    Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:25271
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:25848
    P
    Security update for flex, at, bogofilter, cyrus-imapd, kdelibs4, libQtWebKit4, libbonobo, mdbtools, netpbm, openslp, sgmltool, virtuoso, libqt5-qtwebkit (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31402
    P
    Security update for perl-DBD-mysql (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32493
    P
    bzip2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31406
    P
    Security update for perl-PlRPC (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31964
    P
    Security update for icu (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25194
    P
    Security update for adns (Important)
    2020-12-01
    oval:org.opensuse.security:def:25836
    P
    Security update for LibreOffice (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25272
    P
    Security update for vino (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25901
    P
    Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:31489
    P
    Security update for python (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32532
    P
    java-1_4_2-ibm on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31498
    P
    Security update for python-numpy (Important)
    2020-12-01
    oval:org.opensuse.security:def:25322
    P
    Security update for tigervnc (Critical)
    2020-12-01
    oval:org.opensuse.security:def:25850
    P
    Security update for libreoffice (Low)
    2020-12-01
    oval:org.opensuse.security:def:25283
    P
    Security update for SUSE Manager Client Tools (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25950
    P
    Security update for evince (Important)
    2020-12-01
    oval:org.opensuse.security:def:31035
    P
    Security update for jpeg (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31555
    P
    Security update for sqlite3 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32646
    P
    curl on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25403
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:25894
    P
    Security update for gstreamer-0_10-plugins-bad (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25347
    P
    Security update for mariadb (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25989
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:31036
    P
    Security update for kdebase4-workspace
    2020-12-01
    oval:org.opensuse.security:def:32685
    P
    java-1_4_2-ibm on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25460
    P
    Security update for tiff (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26532
    P
    cron on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25475
    P
    Security update for libssh (Important)
    2020-12-01
    oval:org.opensuse.security:def:26003
    P
    Security update for yaml-cpp (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31047
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:31798
    P
    Security update for OpenEXR (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25544
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:26567
    P
    java-1_4_2-ibm on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25556
    P
    Security update for ntp (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31121
    P
    Security update for krb5 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31789
    P
    Security update for MozillaFirefox (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31854
    P
    Security update for cracklib (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25118
    P
    Security update for lftp (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25695
    P
    Security update for gcc9 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25613
    P
    Security update for libsolv (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26685
    P
    dhcp on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31811
    P
    Security update for apache2 (Important)
    2020-12-01
    oval:org.mitre.oval:def:22301
    P
    ELSA-2008:0100: java-1.4.2-bea security update (Moderate)
    2014-05-26
    oval:org.mitre.oval:def:22641
    P
    ELSA-2007:0956: java-1.5.0-bea security update (Moderate)
    2014-05-26
    oval:org.mitre.oval:def:21711
    P
    ELSA-2007:0817: java-1.4.2-ibm security update (Critical)
    2014-05-26
    oval:org.mitre.oval:def:21855
    P
    ELSA-2007:0829: java-1.5.0-ibm security update (Critical)
    2014-05-26
    oval:org.mitre.oval:def:11700
    V
    Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow.
    2010-09-06
    oval:com.redhat.rhsa:def:20080100
    P
    RHSA-2008:0100: java-1.4.2-bea security update (Moderate)
    2008-03-11
    oval:com.redhat.rhsa:def:20070956
    P
    RHSA-2007:0956: java-1.5.0-bea security update (Moderate)
    2007-11-29
    oval:com.redhat.rhsa:def:20070817
    P
    RHSA-2007:0817: java-1.4.2-ibm security update (Critical)
    2007-08-07
    oval:com.redhat.rhsa:def:20070829
    P
    RHSA-2007:0829: java-1.5.0-ibm security update (Critical)
    2007-08-07
    BACK
    sun jdk 1.5.0 -
    sun jdk 1.5.0 update1
    sun jdk 1.5.0 update10
    sun jdk 1.5.0 update2
    sun jdk 1.5.0 update3
    sun jdk 1.5.0 update4
    sun jdk 1.5.0 update5
    sun jdk 1.5.0 update6
    sun jdk 1.5.0 update7
    sun jdk 1.5.0 update8
    sun jdk 1.5.0 update9
    sun jdk 1.6.0 -
    sun jre 1.3.1 -
    sun jre 1.3.1_2
    sun jre 1.3.1_03
    sun jre 1.3.1_04
    sun jre 1.3.1_05
    sun jre 1.3.1_06
    sun jre 1.3.1_07
    sun jre 1.3.1_08
    sun jre 1.3.1_09
    sun jre 1.3.1_10
    sun jre 1.3.1_11
    sun jre 1.3.1_12
    sun jre 1.3.1_13
    sun jre 1.3.1_14
    sun jre 1.3.1_15
    sun jre 1.3.1_16
    sun jre 1.3.1_17
    sun jre 1.3.1_18
    sun jre 1.3.1_19
    sun jre 1.3.1_20
    sun jre 1.4.2 -
    sun jre 1.4.2_1
    sun jre 1.4.2_2
    sun jre 1.4.2_3
    sun jre 1.4.2_4
    sun jre 1.4.2_5
    sun jre 1.4.2_6
    sun jre 1.4.2_7
    sun jre 1.4.2_8
    sun jre 1.4.2_9
    sun jre 1.4.2_10
    sun jre 1.4.2_11
    sun jre 1.4.2_12
    sun jre 1.4.2_13
    sun jre 1.4.2_14
    sun jre 1.5.0 -
    sun jre 1.5.0 update1
    sun jre 1.5.0 update10
    sun jre 1.5.0 update2
    sun jre 1.5.0 update3
    sun jre 1.5.0 update4
    sun jre 1.5.0 update5
    sun jre 1.5.0 update6
    sun jre 1.5.0 update7
    sun jre 1.5.0 update8
    sun jre 1.5.0 update9
    sun jre 1.6.0 -
    sun sdk 1.3.1
    sun sdk 1.3.1_01
    sun sdk 1.3.1_01a
    sun sdk 1.3.1_02
    sun sdk 1.3.1_03
    sun sdk 1.3.1_04
    sun sdk 1.3.1_05
    sun sdk 1.3.1_06
    sun sdk 1.3.1_07
    sun sdk 1.3.1_08
    sun sdk 1.3.1_09
    sun sdk 1.3.1_10
    sun sdk 1.3.1_11
    sun sdk 1.3.1_12
    sun sdk 1.3.1_13
    sun sdk 1.3.1_14
    sun sdk 1.3.1_15
    sun sdk 1.3.1_16
    sun sdk 1.3.1_17
    sun sdk 1.3.1_18
    sun sdk 1.3.1_19
    sun sdk 1.3.1_20
    sun sdk 1.4.2
    sun sdk 1.4.2_1
    sun sdk 1.4.2_2
    sun sdk 1.4.2_3
    sun sdk 1.4.2_4
    sun sdk 1.4.2_5
    sun sdk 1.4.2_6
    sun sdk 1.4.2_7
    sun sdk 1.4.2_8
    sun sdk 1.4.2_9
    sun sdk 1.4.2_10
    sun sdk 1.4.2_11
    sun sdk 1.4.2_12
    sun sdk 1.4.2_13
    sun sdk 1.4.2_14
    sun jre 1.3.1
    sun jre 1.4.2
    sun jre 1.5.0
    sun sdk 1.4.2
    sun jre 1.5.0 update3
    sun jre 1.6.0
    sun jdk 1.6.0
    sun jdk 1.5.0 update10
    sun jre 1.5.0 update7
    sun jre 1.5.0 update8
    sun jre 1.5.0 update9
    sun jre 1.5.0 update10
    sun sdk 1.4.2_11
    sun sdk 1.4.2_12
    sun sdk 1.4.2_13
    sun sdk 1.4.2_14
    sun jdk 1.5.0
    sun jdk 1.5.0 update1
    sun jdk 1.5.0 update2
    sun jdk 1.5.0 update3
    sun jdk 1.5.0 update4
    sun jdk 1.5.0 update5
    sun jdk 1.5.0 update6
    sun jdk 1.5.0 update7
    sun jdk 1.5.0 update7_b03
    sun jdk 1.5.0 update8
    sun jdk 1.5.0 update9
    sun jre 1.3.1 update1
    sun jre 1.3.1 update15
    sun jre 1.3.1 update16
    sun jre 1.3.1 update18
    sun jre 1.3.1 update19
    sun jre 1.3.1 update1a
    sun jre 1.3.1 update20
    sun jre 1.3.1 update4
    sun jre 1.3.1 update8
    sun jre 1.4.2 update1
    sun jre 1.4.2 update2
    sun jre 1.4.2 update3
    sun jre 1.4.2 update4
    sun jre 1.4.2 update5
    sun jre 1.5.0 update1
    sun jre 1.5.0 update2
    sun jre 1.5.0 update4
    sun jre 1.5.0 update5
    sun jre 1.5.0 update6
    sun sdk 1.3.0
    sun sdk 1.3.1_01
    sun sdk 1.3.1_01a
    sun sdk 1.3.1_16
    sun sdk 1.3.1_18
    sun sdk 1.3.1_19
    sun sdk 1.3.1_20
    sun sdk 1.4.2_03
    sun sdk 1.4.2_08
    sun sdk 1.4.2_09
    sun sdk 1.4.2_10
    sun sdk 1.4.2_04
    sun sdk 1.4.2_02
    sun sdk 1.4.2_05
    sun sdk 1.4.2_06
    sun sdk 1.4.2_07
    sun sdk 1.4.2_01
    sun sdk 1.3.1_02
    sun sdk 1.3.1_04
    sun sdk 1.3.1_05
    sun sdk 1.3.1_06
    sun sdk 1.3.1_07
    sun sdk 1.3.1_08
    sun sdk 1.3.1_09
    sun sdk 1.3.1_10
    sun sdk 1.3.1_11
    sun sdk 1.3.1_12
    sun sdk 1.3.1_13
    sun sdk 1.3.1_14
    sun sdk 1.3.1_15
    sun sdk 1.3.1_17
    sun jre 1.3.1 update2
    sun jre 1.3.1 update12
    sun jre 1.3.1 update17
    sun sdk 1.3.0_05
    sun sdk 1.3.0_02
    sun sdk 1.3.1_03
    gentoo linux *
    suse linux enterprise server 8
    suse suse linux 9.0
    suse suse linux school server -
    novell linux desktop 9
    novell open enterprise server *
    suse suse linux 10.0
    redhat rhel extras 3
    redhat rhel extras 4
    suse linux enterprise server 9
    novell suse linux enterprise server 10 sp2
    novell open enterprise server *
    novell opensuse 10.2