Bug 2359693 (CVE-2025-30698) - CVE-2025-30698 openjdk: Enhance Buffered Image handling (Oracle CPU 2025-04)
Summary: CVE-2025-30698 openjdk: Enhance Buffered Image handling (Oracle CPU 2025-04)
Keywords:
Status: NEW
Alias: CVE-2025-30698
Deadline: 2025-04-15
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-04-15 07:41 UTC by OSIDB Bzimport
Modified: 2025-11-13 23:36 UTC (History)
13 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2025:7508 0 None None None 2025-05-13 16:01:59 UTC

Description OSIDB Bzimport 2025-04-15 07:41:23 UTC 
The Graphics.copyArea operation with extreme values can trigger a heap corruption scenario.
Comment 1 Mauro Matteo Cascella 2025-04-16 11:45:02 UTC 
OpenJDK-8 upstream commit:
https://github.com/openjdk/jdk8u/commit/68d10daabaf9c939a5d2e665994c6d348f38cfd5

OpenJDK-11 upstream commit:
https://github.com/openjdk/jdk11u/commit/ea1389c971827876134a6d1d3ab2934681e9f3d6

OpenJDK-17 upstream commit:
https://github.com/openjdk/jdk17u/commit/0a89eb2588334226531e8e25ac340eabbc00bd6d

OpenJDK-21 upstream commit:
https://github.com/openjdk/jdk21u/commit/3048e287d8ea7d5e0d19d9188eb4212801ebf2a2
Comment 2 Mauro Matteo Cascella 2025-04-16 12:56:32 UTC 
This CVE was fixed in Oracle Java SE 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1.

Release notes:
https://www.oracle.com/java/technologies/javase/8u451-relnotes.html#R180_451
https://www.oracle.com/java/technologies/javase/8u451-perf-relnotes.html
https://www.oracle.com/java/technologies/javase/11-0-27-relnotes.html#R11_0_27
https://www.oracle.com/java/technologies/javase/17-0-15-relnotes.html#R17_0_15
https://www.oracle.com/java/technologies/javase/21-0-7-relnotes.html
https://www.oracle.com/java/technologies/javase/24-0-1-relnotes.html
Comment 3 errata-xmlrpc 2025-05-13 16:01:57 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:7508 https://access.redhat.com/errata/RHSA-2025:7508
Comment 4 Pandrhola 2025-07-26 04:11:57 UTC 
(In reply to errata-xmlrpc from comment #3)
> This issue has been addressed in the following products:
> 
>   Red Hat Enterprise Linux 10
> 
> Via RHSA-2025:7508 https://slopeio.org https://access.redhat.com/errata/RHSA-2025:7508

Link ID: Red Hat Product Errata RHSA-2025:7509
Comment 5 seraphina 2025-09-23 06:56:09 UTC Comment hidden (spam)
Comment 6 Cohn Elburn 2025-10-18 09:45:56 UTC 
Play https://paperiogame.io/ to conquer the largest territory.
Comment 8 michaeljordan 2025-10-22 09:40:53 UTC 
(In reply to Pandrhola from comment #4)
> (In reply to errata-xmlrpc from comment #3)
> > This issue has been addressed in the following products:
> > 
> >   Red Hat Enterprise Linux 10
> > 
> > Via RHSA-2025:7508 https://sloperun.io https://access.redhat.com/errata/RHSA-2025:7508
> 
> Link ID: Red Hat Product Errata RHSA-2025:7509
> > Will try this link
Comment 9 auhnaa 2025-11-13 02:35:15 UTC 
As you advance through the game, your goal should not only be to https://steal-brainrot.io but also to reinvest your earnings into stronger defenses and upgrades to secure your base.
Note You need to log in before you can comment on or make changes to this bug.