9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
OpenJDK 7 Java Runtime Environment and Software Development Kit is susceptible to sandbox restriction bypass. Due to the flaws in ImagingLib and the image attribute, channel, layout and raster processing in the 2D component, it does not prevent an untrusted Java application or applet to trigger Java Virtual Machine memory corruption.
advisories.mageia.org/MGASA-2013-0185.html
hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/160cde99bb1a
icedtea.classpath.org/hg/release/icedtea7-2.3/file/icedtea-2.3.10/NEWS
lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html
lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html
marc.info/?l=bugtraq&m=137545505800971&w=2
rhn.redhat.com/errata/RHSA-2013-0963.html
rhn.redhat.com/errata/RHSA-2013-1060.html
secunia.com/advisories/54154
security.gentoo.org/glsa/glsa-201406-32.xml
www-01.ibm.com/support/docview.wss?uid=swg21642336
www.mandriva.com/security/advisories?name=MDVSA-2013:183
www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
www.us-cert.gov/ncas/alerts/TA13-169A
access.redhat.com/security/updates/classification/#critical
bugzilla.redhat.com/show_bug.cgi?id=975122
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17116
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19129
rhn.redhat.com/errata/RHBA-2013-0959.html
rhn.redhat.com/errata/RHSA-2013-0957.html