CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
The OpenJDK 7 Java Runtime Environment and Software Development Kit is susceptible to a sandbox restriction bypass. Due to flaws in ImagingLib and in the image attribute, channel, layout and raster processing in the 2D component, it does not prevent an untrusted Java application or applet from triggering Java Virtual Machine memory corruption.
advisories.mageia.org/MGASA-2013-0185.html
hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/abe9ea5a50d2
icedtea.classpath.org/hg/release/icedtea7-2.3/file/icedtea-2.3.10/NEWS
marc.info/?l=bugtraq&m=137545505800971&w=2
marc.info/?l=bugtraq&m=137545592101387&w=2
rhn.redhat.com/errata/RHSA-2013-0963.html
seclists.org/fulldisclosure/2014/Dec/23
secunia.com/advisories/54154
security.gentoo.org/glsa/glsa-201406-32.xml
www.mandriva.com/security/advisories?name=MDVSA-2013:183
www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
www.securityfocus.com/archive/1/534161/100/0/threaded
www.securityfocus.com/bid/60645
www.us-cert.gov/ncas/alerts/TA13-169A
www.vmware.com/security/advisories/VMSA-2014-0012.html
access.redhat.com/errata/RHSA-2014:0414
access.redhat.com/security/updates/classification/#critical
bugzilla.redhat.com/show_bug.cgi?id=975126
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16887
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19565
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19582
rhn.redhat.com/errata/RHBA-2013-0959.html
rhn.redhat.com/errata/RHSA-2013-0957.html