CVE-2007-2789
UnknownEPSS 3.48%
Last modified
CVE-2007-2789 is a vulnerability of currently unknown severity. The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems, allows remote attackers to cause a denial of service (JVM hang) via untrusted applets or applications that open arbitrary local files via a crafted BMP file, such as /dev/tty.. EPSS estimates a 3.48% chance of exploitation in the next 30 days.
Description
The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems, allows remote attackers to cause a denial of service (JVM hang) via untrusted applets or applications that open arbitrary local files via a crafted BMP file, such as /dev/tty.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sun | Jdk | 1.5.0 |
| Sun | Jdk | 1.6.0 |
| Sun | Jre | 1.3.1 |
| Sun | Jre | 1.3.1_2 |
| Sun | Jre | 1.3.1_03 |
| Sun | Jre | 1.3.1_04 |
| Sun | Jre | 1.3.1_05 |
| Sun | Jre | 1.3.1_06 |
| Sun | Jre | 1.3.1_07 |
| Sun | Jre | 1.3.1_08 |
| Sun | Jre | 1.3.1_09 |
| Sun | Jre | 1.3.1_10 |
| Sun | Jre | 1.3.1_11 |
| Sun | Jre | 1.3.1_12 |
| Sun | Jre | 1.3.1_13 |
| Sun | Jre | 1.3.1_14 |
| Sun | Jre | 1.3.1_15 |
| Sun | Jre | 1.3.1_16 |
| Sun | Jre | 1.3.1_17 |
| Sun | Jre | 1.3.1_18 |
| Sun | Jre | 1.3.1_19 |
| Sun | Jre | 1.4.2 |
| Sun | Jre | 1.4.2_1 |
| Sun | Jre | 1.4.2_2 |
| Sun | Jre | 1.4.2_3 |
| Sun | Jre | 1.4.2_4 |
| Sun | Jre | 1.4.2_5 |
| Sun | Jre | 1.4.2_6 |
| Sun | Jre | 1.4.2_7 |
| Sun | Jre | 1.4.2_8 |
| Sun | Jre | 1.4.2_9 |
| Sun | Jre | 1.4.2_10 |
| Sun | Jre | 1.4.2_11 |
| Sun | Jre | 1.4.2_12 |
| Sun | Jre | 1.4.2_13 |
| Sun | Jre | 1.4.2_14 |
| Sun | Jre | 1.5.0 |
| Sun | Jre | 1.6.0 |
| Sun | Sdk | 1.3.1 |
| Sun | Sdk | 1.3.1_01 |
| Sun | Sdk | 1.3.1_01a |
| Sun | Sdk | 1.3.1_02 |
| Sun | Sdk | 1.3.1_03 |
| Sun | Sdk | 1.3.1_04 |
| Sun | Sdk | 1.3.1_05 |
| Sun | Sdk | 1.3.1_06 |
| Sun | Sdk | 1.3.1_07 |
| Sun | Sdk | 1.3.1_08 |
| Sun | Sdk | 1.3.1_09 |
| Sun | Sdk | 1.3.1_10 |
Showing 50 of 74 affected configurations. See NVD for the full list.
References
- http://dev2dev.bea.com/pub/advisory/248Third Party Advisory
- http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.htmlMailing List, Third Party Advisory
- http://scary.beasts.org/security/CESA-2006-004.htmlThird Party Advisory
- http://secunia.com/advisories/25295Patch, Third Party Advisory
- http://secunia.com/advisories/25474Third Party Advisory
- http://secunia.com/advisories/25832Third Party Advisory
- http://secunia.com/advisories/26049Third Party Advisory
- http://secunia.com/advisories/26119Third Party Advisory
- http://secunia.com/advisories/26311Third Party Advisory
- http://secunia.com/advisories/26369Third Party Advisory
- http://secunia.com/advisories/26631Third Party Advisory
- http://secunia.com/advisories/26645Third Party Advisory
- http://secunia.com/advisories/26933Third Party Advisory
- http://secunia.com/advisories/27203Third Party Advisory
- http://secunia.com/advisories/27266Third Party Advisory
- http://secunia.com/advisories/28056Third Party Advisory
- http://secunia.com/advisories/28115Third Party Advisory
- http://secunia.com/advisories/29340Third Party Advisory
- http://secunia.com/advisories/29858Third Party Advisory
- http://secunia.com/advisories/30780Third Party Advisory
- http://secunia.com/advisories/30805Third Party Advisory
- http://security.gentoo.org/glsa/glsa-200706-08.xmlThird Party Advisory
- http://security.gentoo.org/glsa/glsa-200804-28.xmlThird Party Advisory
- http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.htmlThird Party Advisory
- http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.htmlThird Party Advisory
- http://www.attrition.org/pipermail/vim/2007-December/001862.htmlThird Party Advisory
- http://www.attrition.org/pipermail/vim/2007-July/001696.htmlThird Party Advisory
- http://www.attrition.org/pipermail/vim/2007-July/001697.htmlThird Party Advisory
- http://www.attrition.org/pipermail/vim/2007-July/001708.htmlThird Party Advisory
- http://www.gentoo.org/security/en/glsa/glsa-200705-23.xmlThird Party Advisory
- http://www.gentoo.org/security/en/glsa/glsa-200709-15.xmlThird Party Advisory
- http://www.gentoo.org/security/en/glsa/glsa-200804-20.xmlThird Party Advisory
- http://www.gentoo.org/security/en/glsa/glsa-200806-11.xmlThird Party Advisory
- http://www.novell.com/linux/security/advisories/2007_45_java.htmlThird Party Advisory
- http://www.novell.com/linux/security/advisories/2007_56_ibmjava.htmlThird Party Advisory
- http://www.redhat.com/support/errata/RHSA-2007-0817.htmlThird Party Advisory
- http://www.redhat.com/support/errata/RHSA-2007-0829.htmlThird Party Advisory
- http://www.redhat.com/support/errata/RHSA-2007-0956.htmlThird Party Advisory
- http://www.redhat.com/support/errata/RHSA-2007-1086.htmlThird Party Advisory
- http://www.redhat.com/support/errata/RHSA-2008-0100.htmlThird Party Advisory
- http://www.redhat.com/support/errata/RHSA-2008-0133.htmlThird Party Advisory
- http://www.redhat.com/support/errata/RHSA-2008-0261.htmlThird Party Advisory
- http://www.securityfocus.com/bid/24004Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id?1018182Third Party Advisory, VDB Entry
- http://www.vupen.com/english/advisories/2007/1836Permissions Required
- http://www.vupen.com/english/advisories/2007/3009Permissions Required
- http://www.vupen.com/english/advisories/2007/4224Permissions Required
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34320Third Party Advisory, VDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34654Third Party Advisory, VDB Entry
- http://dev2dev.bea.com/pub/advisory/248Third Party Advisory
- http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.htmlMailing List, Third Party Advisory
- http://scary.beasts.org/security/CESA-2006-004.htmlThird Party Advisory
- http://secunia.com/advisories/25295Patch, Third Party Advisory
- http://secunia.com/advisories/25474Third Party Advisory
- http://secunia.com/advisories/25832Third Party Advisory
- http://secunia.com/advisories/26049Third Party Advisory
- http://secunia.com/advisories/26119Third Party Advisory
- http://secunia.com/advisories/26311Third Party Advisory
- http://secunia.com/advisories/26369Third Party Advisory
- http://secunia.com/advisories/26631Third Party Advisory
- http://secunia.com/advisories/26645Third Party Advisory
- http://secunia.com/advisories/26933Third Party Advisory
- http://secunia.com/advisories/27203Third Party Advisory
- http://secunia.com/advisories/27266Third Party Advisory
- http://secunia.com/advisories/28056Third Party Advisory
- http://secunia.com/advisories/28115Third Party Advisory
- http://secunia.com/advisories/29340Third Party Advisory
- http://secunia.com/advisories/29858Third Party Advisory
- http://secunia.com/advisories/30780Third Party Advisory
- http://secunia.com/advisories/30805Third Party Advisory
- http://security.gentoo.org/glsa/glsa-200706-08.xmlThird Party Advisory
- http://security.gentoo.org/glsa/glsa-200804-28.xmlThird Party Advisory
- http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.htmlThird Party Advisory
- http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.htmlThird Party Advisory
- http://www.attrition.org/pipermail/vim/2007-December/001862.htmlThird Party Advisory
- http://www.attrition.org/pipermail/vim/2007-July/001696.htmlThird Party Advisory
- http://www.attrition.org/pipermail/vim/2007-July/001697.htmlThird Party Advisory
- http://www.attrition.org/pipermail/vim/2007-July/001708.htmlThird Party Advisory
- http://www.gentoo.org/security/en/glsa/glsa-200705-23.xmlThird Party Advisory
- http://www.gentoo.org/security/en/glsa/glsa-200709-15.xmlThird Party Advisory
- http://www.gentoo.org/security/en/glsa/glsa-200804-20.xmlThird Party Advisory
- http://www.gentoo.org/security/en/glsa/glsa-200806-11.xmlThird Party Advisory
- http://www.novell.com/linux/security/advisories/2007_45_java.htmlThird Party Advisory
- http://www.novell.com/linux/security/advisories/2007_56_ibmjava.htmlThird Party Advisory
- http://www.redhat.com/support/errata/RHSA-2007-0817.htmlThird Party Advisory
- http://www.redhat.com/support/errata/RHSA-2007-0829.htmlThird Party Advisory
- http://www.redhat.com/support/errata/RHSA-2007-0956.htmlThird Party Advisory
- http://www.redhat.com/support/errata/RHSA-2007-1086.htmlThird Party Advisory
- http://www.redhat.com/support/errata/RHSA-2008-0100.htmlThird Party Advisory
- http://www.redhat.com/support/errata/RHSA-2008-0133.htmlThird Party Advisory
- http://www.redhat.com/support/errata/RHSA-2008-0261.htmlThird Party Advisory
- http://www.securityfocus.com/bid/24004Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id?1018182Third Party Advisory, VDB Entry
- http://www.vupen.com/english/advisories/2007/1836Permissions Required
- http://www.vupen.com/english/advisories/2007/3009Permissions Required
- http://www.vupen.com/english/advisories/2007/4224Permissions Required
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34320Third Party Advisory, VDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34654Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2007-2789?
The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems, allows remote attackers to cause a denial of service (JVM hang) via untrusted applets or applications that open arbitrary local files via a crafted BMP file, such as /dev/tty.
How severe is CVE-2007-2789?
Severity scoring for CVE-2007-2789 is pending analysis. The EPSS model estimates a 3.48% probability of exploitation in the next 30 days.
How do I fix CVE-2007-2789?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2007-2789?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST