CVSS2: 7.6 High

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | HIGH |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

EPSS: 0.245 Low (Percentile: 96.6%)

Unspecified vulnerability in the Java Runtime Environment (JRE) component
in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0
Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to
affect confidentiality, integrity, and availability via unknown vectors
related to ImageIO. NOTE: the previous information is from the April 2013
CPU. Oracle has not commented on claims from another vendor that this issue
is related to “JPEGImageWriter state corruption” when using native code,
which triggers memory corruption.
Author | Note |
---|---|
mdeslaur | in lucid+, NetX and the plugin moved to the icedtea-web package |
jdstrand | sun-java6 is not redistributable, no longer in the archive and no longer tracked; sun-java5 is EOL upstream and no longer tracked; as of 2013-04-19, IcedTea has not released 2.3.9 or 1.12.5 to fix this issue |

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | openjdk-6 | < 6b27-1.12.5-0ubuntu0.10.04.1 | UNKNOWN |
ubuntu | 11.10 | noarch | openjdk-6 | < 6b27-1.12.5-0ubuntu0.11.10.1 | UNKNOWN |
ubuntu | 12.04 | noarch | openjdk-6 | < 6b27-1.12.5-0ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 12.10 | noarch | openjdk-6 | < 6b27-1.12.5-0ubuntu0.12.10.1 | UNKNOWN |
ubuntu | 13.04 | noarch | openjdk-6 | < 6b27-1.12.5-1ubuntu1 | UNKNOWN |
ubuntu | 11.10 | noarch | openjdk-7 | < 7u21-2.3.9-0ubuntu0.11.10.1 | UNKNOWN |
ubuntu | 12.04 | noarch | openjdk-7 | < 7u21-2.3.9-0ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 12.10 | noarch | openjdk-7 | < 7u21-2.3.9-0ubuntu0.12.10.1 | UNKNOWN |
ubuntu | 13.04 | noarch | openjdk-7 | < 7u21-2.3.9-1ubuntu1 | UNKNOWN |
www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
launchpad.net/bugs/cve/CVE-2013-2429
nvd.nist.gov/vuln/detail/CVE-2013-2429
security-tracker.debian.org/tracker/CVE-2013-2429
ubuntu.com/security/notices/USN-1806-1
ubuntu.com/security/notices/USN-1819-1
www.cve.org/CVERecord?id=CVE-2013-2429