Sun JDK JPG/BMP Parser Multiple Vulnerabilities

Bugtraq ID: 24004
Class: Boundary Condition Error
CVE: CVE-2007-3005
CVE-2007-3004
CVE-2007-2789
CVE-2007-2788
Remote: Yes
Local: No
Published: May 16 2007 12:00AM
Updated: Jul 02 2008 07:00PM
Credit: Chris Evans is credited with the discovery of these vulnerabilities.
Vulnerable: VMWare VirtualCenter Management Server 2
VMWare ESX Server 3.0.2
VMWare ESX Server 3.0.1
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SuSE SUSE Linux Enterprise Server 10 SP1
SuSE SUSE Linux Enterprise SDK 10.SP1
SuSE SUSE Linux Enterprise Desktop 10 SP1
Sun JRE (Solaris Production Release) 1.3.1
Sun JRE (Solaris Production Release) 1.3 _04
Sun JRE (Solaris Production Release) 1.3 _03
Sun JRE (Solaris Production Release) 1.3 _01
Sun JRE (Linux Production Release) 1.5 _07
Sun JRE (Linux Production Release) 1.5 _05
Sun JRE (Linux Production Release) 1.5 _04
Sun JRE (Linux Production Release) 1.5 _03
Sun JRE (Linux Production Release) 1.5 _02
Sun JRE (Linux Production Release) 1.5 _01
Sun JRE (Linux Production Release) 1.4.2 _09
Sun JRE (Linux Production Release) 1.4.2 _08
Sun JRE (Linux Production Release) 1.4.2 _07
Sun JRE (Linux Production Release) 1.3.1 _19
Sun JRE (Linux Production Release) 1.3.1 _18
Sun JRE (Linux Production Release) 1.3.1 _17
Sun JRE (Linux Production Release) 1.3.1 _16
Sun JRE (Linux Production Release) 1.3.1 _15
Sun JRE (Linux Production Release) 1.3.1 _04
Sun JRE (Linux Production Release) 1.3.1 _01a
Sun JRE (Linux Production Release) 1.5.0_10
Sun JRE (Linux Production Release) 1.5.0_09
Sun JRE (Linux Production Release) 1.5.0_08
Sun JDK (Linux Production Release) 1.5 _07-b03
Sun JDK (Linux Production Release) 1.4.2 _11
Sun JDK (Linux Production Release) 1.4.2 _10
Sun JDK (Linux Production Release) 1.4.2 _06
Sun JDK (Linux Production Release) 1.4.2
+ Apache Software Foundation Xalan-java 2.5.1
+ Apache Software Foundation Xalan-java 2.5.1
Sun JDK (Linux Production Release) 1.4.1 _07
Sun JDK (Linux Production Release) 1.4.1 _01
Sun JDK (Linux Production Release) 1.4.1
+ Apache Software Foundation Xalan-java 2.5.1
+ Apache Software Foundation Xalan-java 2.5.1
Sun JDK 1.5 .0_05
Sun JDK 1.5
Sun JDK 1.4.2 _09
Sun JDK 1.4.2 _08
Sun Java 2 Runtime Environment 1.5 _06
Sun Java 2 Runtime Environment 1.5
Sun Java 2 Runtime Environment 1.4.2 _13
Sun Java 2 Runtime Environment 1.4.2 _12
Sun Java 2 Runtime Environment 1.4.2 _11
Sun Java 2 Runtime Environment 1.4.2 _10
Sun Java 2 Runtime Environment 1.4.2 _06
Sun Java 2 Runtime Environment 1.4.2 _05
Sun Java 2 Runtime Environment 1.4.2 _04
Sun Java 2 Runtime Environment 1.4.2 _03
+ Oracle Oracle10g Application Server 10.1 .0.2
+ Oracle Oracle10g Application Server 10.1 .0.2
+ Oracle Oracle10g Application Server 10.1 .0.2
+ Oracle Oracle10g Enterprise Edition 10.1 .0.2
+ Oracle Oracle10g Enterprise Edition 10.1 .0.2
+ Oracle Oracle10g Enterprise Edition 10.1 .0.2
+ Oracle Oracle10g Personal Edition 10.1 .0.2
+ Oracle Oracle10g Personal Edition 10.1 .0.2
+ Oracle Oracle10g Personal Edition 10.1 .0.2
+ Oracle Oracle10g Standard Edition 10.1 .0.2
Sun Java 2 Runtime Environment 1.4.2 _02
Sun Java 2 Runtime Environment 1.4.2 _01
Sun Java 2 Runtime Environment 1.4.2
Sun Java 2 Runtime Environment 1.4.1
Sun Java 2 Runtime Environment 1.3.1 _08
Sun Java 2 Runtime Environment 1.3.1 _01
Sun Java 2 Runtime Environment 1.3 _05
Sun Java 2 Runtime Environment 1.3 _02
Sun Java 2 Runtime Environment 1.3
Slackware Linux 10.2
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux 8.1
Slackware Linux 12.0
Slackware Linux 11.0
S.u.S.E. UnitedLinux 1.0
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. openSUSE 10.2
S.u.S.E. Open-Enterprise-Server 0
S.u.S.E. Novell Linux POS 9
S.u.S.E. Novell Linux Desktop 9
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
S.u.S.E. Linux 10.1 x86-64
S.u.S.E. Linux 10.1 x86
S.u.S.E. Linux 10.1 ppc
S.u.S.E. Linux 10.0 x86-64
S.u.S.E. Linux 10.0 x86
S.u.S.E. Linux 10.0 ppc
RedHat Network Satellite (for RHEL 4) 4.2
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux Extras 4
RedHat Enterprise Linux Extras 3
RedHat Enterprise Linux ES 2.1
RedHat Enterprise Linux Desktop Workstation 5 client
Red Hat Red Hat Network Satellite Server 5.0
Red Hat Network Satellite (for RHEL 3) 4.2
Red Hat Enterprise Linux Supplementary 5 server
Red Hat Enterprise Linux Desktop Supplementary 5 client
Red Hat Enterprise Linux AS 2.1
Gentoo Linux
Gentoo dev-java/ibm-jre-bin 1.5.0.6
Gentoo dev-java/ibm-jre-bin 1.4.2.10
Gentoo dev-java/ibm-jdk-bin 1.5.0.6
Gentoo dev-java/ibm-jdk-bin 1.4.2.10
BEA Systems JRockit 1.4.2
BEA Systems JRockit R27.3.1
BEA Systems JRockit 7.0
BEA Systems JRockit 6
BEA Systems JRockit 5.0
Avaya Interactive Response 1.3
Avaya Interactive Response 2.0
Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.4.10
Apple Mac OS X 10.4.11
Apple Mac OS X 10.4.10
Not Vulnerable: Sun SDK (Windows Production Release) 1.4.2 _15
Sun SDK (Solaris Production Release) 1.4.2 _15
Sun SDK (Solaris Production Release) 1.3.1_20
Sun SDK (Linux Production Release) 1.4.2 _15
Sun JRE (Linux Production Release) 1.5.0_11
Sun JDK (Windows Production Release) 1.6.0_01
Sun JDK (Linux Production Release) 1.6 _01-b06
Sun JDK (Linux Production Release) 1.6 _01
Sun JDK (Linux Production Release) 1.5 _11-b03
Sun JDK 1.5.0.11
Sun Java 2 Runtime Environment 1.6.0_01
Gentoo dev-java/ibm-jre-bin 1.5.0.7
Gentoo dev-java/ibm-jre-bin 1.4.2.11
Gentoo dev-java/ibm-jdk-bin 1.5.0.7
Gentoo dev-java/ibm-jdk-bin 1.4.2.11


 

Privacy Statement
Copyright 2010, SecurityFocus