• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Sun JDK JPG/BMP Parser Multiple Vulnerabilities

Bugtraq ID:	24004
Class:	Boundary Condition Error
CVE:	CVE-2007-3005 CVE-2007-3004 CVE-2007-2789 CVE-2007-2788
Remote:	Yes
Local:	No
Published:	May 16 2007 12:00AM
Updated:	Jul 02 2008 07:00PM
Credit:	Chris Evans is credited with the discovery of these vulnerabilities.
Vulnerable:	VMWare VirtualCenter Management Server 2 VMWare ESX Server 3.0.2 VMWare ESX Server 3.0.1 Sun JRE (Solaris Production Release) 1.3.1 Sun JRE (Solaris Production Release) 1.3 _04 Sun JRE (Solaris Production Release) 1.3 _03 Sun JRE (Solaris Production Release) 1.3 _01 Sun JRE (Linux Production Release) 1.5 _07 Sun JRE (Linux Production Release) 1.5 _05 Sun JRE (Linux Production Release) 1.5 _04 Sun JRE (Linux Production Release) 1.5 _03 Sun JRE (Linux Production Release) 1.5 _02 Sun JRE (Linux Production Release) 1.5 _01 Sun JRE (Linux Production Release) 1.3.1 _19 Sun JRE (Linux Production Release) 1.3.1 _18 Sun JRE (Linux Production Release) 1.3.1 _17 Sun JRE (Linux Production Release) 1.3.1 _16 Sun JRE (Linux Production Release) 1.3.1 _15 Sun JRE (Linux Production Release) 1.3.1 _04 Sun JRE (Linux Production Release) 1.3.1 _01a Sun JRE (Linux Production Release) 1.5.0_10 Sun JRE (Linux Production Release) 1.5.0_09 Sun JRE (Linux Production Release) 1.5.0_08 Sun JDK 1.5 _07-b03 Sun JDK 1.5 .0_05 Sun JDK 1.5 Sun JDK 1.4.2 _11 Sun JDK 1.4.2 _10 Sun JDK 1.4.2 _09 Sun JDK 1.4.2 _08 Sun JDK 1.4.2 _06 Sun JDK 1.4.2 + Apache Software Foundation Xalan-java 2.5.1 Sun JDK 1.4.1 _07 Sun JDK 1.4.1 _01 Sun JDK 1.4.1 + Apache Software Foundation Xalan-java 2.5.1 Sun Java 2 Runtime Environment 1.5 _06 Sun Java 2 Runtime Environment 1.5 Sun Java 2 Runtime Environment 1.4.2 _13 Sun Java 2 Runtime Environment 1.4.2 _12 Sun Java 2 Runtime Environment 1.4.2 _11 Sun Java 2 Runtime Environment 1.4.2 _10 Sun Java 2 Runtime Environment 1.4.2 _09 Sun Java 2 Runtime Environment 1.4.2 _08 Sun Java 2 Runtime Environment 1.4.2 _07 Sun Java 2 Runtime Environment 1.4.2 _06 Sun Java 2 Runtime Environment 1.4.2 _05 Sun Java 2 Runtime Environment 1.4.2 _04 Sun Java 2 Runtime Environment 1.4.2 _03 + Oracle Oracle10g Application Server 10.1 .0.2 + Oracle Oracle10g Application Server 10.1 .0.2 + Oracle Oracle10g Application Server 10.1 .0.2 + Oracle Oracle10g Enterprise Edition 10.1 .0.2 + Oracle Oracle10g Enterprise Edition 10.1 .0.2 + Oracle Oracle10g Enterprise Edition 10.1 .0.2 + Oracle Oracle10g Personal Edition 10.1 .0.2 + Oracle Oracle10g Personal Edition 10.1 .0.2 + Oracle Oracle10g Personal Edition 10.1 .0.2 + Oracle Oracle10g Standard Edition 10.1 .0.2 Sun Java 2 Runtime Environment 1.4.2 _02 Sun Java 2 Runtime Environment 1.4.2 _01 Sun Java 2 Runtime Environment 1.4.2 Sun Java 2 Runtime Environment 1.4.1 Sun Java 2 Runtime Environment 1.3.1 _08 Sun Java 2 Runtime Environment 1.3.1 _01 Sun Java 2 Runtime Environment 1.3 _05 Sun Java 2 Runtime Environment 1.3 _02 Sun Java 2 Runtime Environment 1.3 Slackware Linux 10.2 Slackware Linux 10.1 Slackware Linux 10.0 Slackware Linux 9.1 Slackware Linux 9.0 Slackware Linux 8.1 Slackware Linux 12.0 Slackware Linux 11.0 S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux Standard Server 8.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. SuSE Linux Openexchange Server 4.0 S.u.S.E. SUSE Linux Enterprise Server 10 SP1 S.u.S.E. SUSE Linux Enterprise Desktop 10 SP1 S.u.S.E. SLE SDK 10.SP1 S.u.S.E. openSUSE 10.2 S.u.S.E. Open-Enterprise-Server 0 S.u.S.E. Novell Linux POS 9 S.u.S.E. Novell Linux Desktop 9 S.u.S.E. Linux Enterprise Server 9 S.u.S.E. Linux Enterprise Server 8 S.u.S.E. Linux Desktop 1.0 S.u.S.E. Linux 10.1 x86-64 S.u.S.E. Linux 10.1 x86 S.u.S.E. Linux 10.1 ppc S.u.S.E. Linux 10.0 x86-64 S.u.S.E. Linux 10.0 x86 S.u.S.E. Linux 10.0 ppc RedHat Red Hat Network Satellite Server 5.0 RedHat Network Satellite (for RHEL 4) 4.2 RedHat Enterprise Linux WS 2.1 RedHat Enterprise Linux Supplementary 5 server RedHat Enterprise Linux Extras 4 RedHat Enterprise Linux Extras 3 RedHat Enterprise Linux ES 2.1 RedHat Enterprise Linux Desktop Workstation 5 client RedHat Enterprise Linux Desktop Supplementary 5 client RedHat Enterprise Linux AS 2.1 RedHat Network Satellite (for RHEL 3) 4.2 Gentoo Linux Gentoo dev-java/ibm-jre-bin 1.5 6 Gentoo dev-java/ibm-jre-bin 1.4.2 10 Gentoo dev-java/ibm-jdk-bin 1.5 6 Gentoo dev-java/ibm-jdk-bin 1.4.2 10 BEA Systems JRockit 1.4.2 BEA Systems JRockit R27.3.1 BEA Systems JRockit 7.0 BEA Systems JRockit 6 BEA Systems JRockit 5.0 Avaya Interactive Response 1.3 Avaya Interactive Response 2.0 Apple Mac OS X Server 10.4.11 Apple Mac OS X Server 10.4.10 Apple Mac OS X 10.4.11 Apple Mac OS X 10.4.10
Not Vulnerable:	Sun SDK (Windows Production Release) 1.4.2 _15 Sun SDK (Solaris Production Release) 1.4.2 _15 Sun SDK (Solaris Production Release) 1.3.1_20 Sun SDK (Linux Production Release) 1.4.2 _15 Sun JRE (Linux Production Release) 1.5.0_11 Sun JDK (Windows Production Release) 1.6.0_01 Sun JDK (Linux Production Release) 1.6.0_01 Sun JDK 1.6 _01-b06 Sun JDK 1.5 _11-b03 Sun JDK 1.5.0.11 Sun Java 2 Runtime Environment 1.6.0_01 Gentoo dev-java/ibm-jre-bin 1.5 7 Gentoo dev-java/ibm-jre-bin 1.4.2 11 Gentoo dev-java/ibm-jdk-bin 1.5 7 Gentoo dev-java/ibm-jdk-bin 1.4.2 11