ubuntucve | Ubuntu.com | UB:CVE-2013-1493
History: Mar 04, 2013 - 12:00 a.m.

CVE-2013-1493


CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.966 High
Percentile: 99.6%

The color management (CMM) functionality in the 2D component in Oracle Java
SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and
earlier allows remote attackers to execute arbitrary code or cause a denial
of service (crash) via an image with crafted raster parameters, which
triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as
exploited in the wild in February 2013.

Notes

| Author | Note |
|---|---|
| mdeslaur | in lucid+, NetX and the plugin moved to the icedtea-web package |
| jdstrand | sun-java6 is not redistributable, no longer in the archive and no longer tracked; sun-java5 is EOL upstream and no longer tracked; as of 2013-03-05, no patches for openjdk-7 |

| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 8.04 | noarch | openjdk-6 | < 6b27-1.12.3-0ubuntu1~8.04.2 | UNKNOWN |
| ubuntu | 10.04 | noarch | openjdk-6 | < 6b27-1.12.3-0ubuntu1~10.04.1 | UNKNOWN |
| ubuntu | 11.10 | noarch | openjdk-6 | < 6b27-1.12.3-0ubuntu1~11.10.1 | UNKNOWN |
| ubuntu | 12.04 | noarch | openjdk-6 | < 6b27-1.12.3-0ubuntu1~12.04.1 | UNKNOWN |
| ubuntu | 12.10 | noarch | openjdk-6 | < 6b27-1.12.3-0ubuntu1~12.10.1 | UNKNOWN |
| ubuntu | 11.10 | noarch | openjdk-7 | < 7u15-2.3.7-0ubuntu1~11.10.1 | UNKNOWN |
| ubuntu | 12.04 | noarch | openjdk-7 | < 7u15-2.3.7-0ubuntu1~12.04.1 | UNKNOWN |
| ubuntu | 12.10 | noarch | openjdk-7 | < 7u15-2.3.7-0ubuntu1~12.10.1 | UNKNOWN |
