Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-0243Improper Restriction of Operations within the Bounds of a Memory Buffer in JDK

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer12 documents6 sources
Severity
6.8MEDIUMNVD
EPSS
42.8%
top 2.51%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
SUN JDKSUN JRESUN SDK
Timeline
PublishedJan 17
Latest updateMay 1

Description

Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

NVDsun/jdk1.5.0+1
NVDsun/jre1.3.1+14
NVDsun/sdk10 versions+9

Patches

Patch: sunsolve.sun.comPatch: www.zerodayinitiative.comPatch: sunsolve.sun.com

🔴Vulnerability Details

2
GHSA
GHSA-qj96-m693-9g56: Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 52022-05-01
CVEList
CVE-2007-0243: Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 52007-01-17

💥Exploits & PoCs

1
Exploit-DB
Sun Microsystems Java - '.GIF' File Parsing Memory Corruption2007-01-21

📋Vendor Advisories

1
Red Hat
java-jre: GIF buffer overflow2007-01-17

💬Community

7
Bugzilla
CVE-2007-0243 java-jre: GIF buffer overflow2007-10-10
Bugzilla
CVE-2007-0243 GIF buffer overflow2007-04-20
Bugzilla
CVE-2007-0243 GIF buffer overflow2007-04-20
Bugzilla
CVE-2007-0243 GIF buffer overflow2007-04-20
Bugzilla
CVE-2007-0243 GIF buffer overflow2007-04-18
CVE-2007-0243 — SUN JDK vulnerability | cvebase