Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-2788Integer Overflow or Wraparound in JDK

CWE-189CWE-190Integer Overflow or Wraparound6 documents5 sources
Severity
6.8MEDIUMNVD
EPSS
48.3%
top 2.26%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
SUN JDKSUN JRESUN SDK
Timeline
PublishedMay 22
Latest updateMay 1

Description

Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

NVDsun/jdk1.5.0, 1.6.0+1
NVDsun/jre37 versions+36
NVDsun/sdk37 versions+36

Patches

Patch: secunia.comPatch: secunia.com

🔴Vulnerability Details

2
GHSA
GHSA-cjwj-wvcj-rr5c: Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 12022-05-01
CVEList
CVE-2007-2788: Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 12007-05-22

💥Exploits & PoCs

1
Exploit-DB
Sun Java JDK 1.x - Multiple Vulnerabilities2007-05-16

📋Vendor Advisories

2
Red Hat
Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit2007-05-21
Red Hat
IBM JDK: Integer overflow in IBM JDK's ICC profile parser2007-04-15
CVE-2007-2788 — Integer Overflow or Wraparound in JDK | cvebase