Heap-based Buffer Overflow Affecting org.graalvm.sdk:graal-sdk package, versions [,17.0.15)[18.0.0,21.0.7)[22.0.0,24.0.1)


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.04% (11th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-JAVA-ORGGRAALVMSDK-9728203
  • published17 Apr 2025
  • disclosed15 Apr 2025
  • creditUnknown

Introduced: 15 Apr 2025

NewCVE-2025-30698  (opens in a new tab)
CWE-122  (opens in a new tab)

How to fix?

Upgrade org.graalvm.sdk:graal-sdk to version 17.0.15, 21.0.7, 24.0.1 or higher.

Overview

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the Graphics.copyArea functionality in client-libs/2d. An attacker can manipulate memory and potentially execute code.

CVSS Base Scores

version 4.0
version 3.1