10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
OpenJDK 7 Java Runtime Environment and Software Development Kit is susceptible to sandbox restriction bypass. Due to the flaws in ImagingLib and the image attribute, channel, layout and raster processing in the 2D component, it does not prevent an untrusted Java application or applet to trigger Java Virtual Machine memory corruption.
advisories.mageia.org/MGASA-2013-0185.html
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/2a9c79db0040
icedtea.classpath.org/hg/release/icedtea7-2.3/file/icedtea-2.3.10/NEWS
lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html
lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html
lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html
lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html
lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html
lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html
lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html
marc.info/?l=bugtraq&m=137545505800971&w=2
marc.info/?l=bugtraq&m=137545592101387&w=2
rhn.redhat.com/errata/RHSA-2013-0963.html
rhn.redhat.com/errata/RHSA-2013-1059.html
rhn.redhat.com/errata/RHSA-2013-1060.html
rhn.redhat.com/errata/RHSA-2013-1081.html
rhn.redhat.com/errata/RHSA-2013-1455.html
rhn.redhat.com/errata/RHSA-2013-1456.html
secunia.com/advisories/54154
security.gentoo.org/glsa/glsa-201406-32.xml
www-01.ibm.com/support/docview.wss?uid=swg21642336
www.mandriva.com/security/advisories?name=MDVSA-2013:183
www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
www.securityfocus.com/bid/60657
www.us-cert.gov/ncas/alerts/TA13-169A
access.redhat.com/errata/RHSA-2014:0414
access.redhat.com/security/updates/classification/#critical
bugzilla.redhat.com/show_bug.cgi?id=975118
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17106
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19074
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19455
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19703
rhn.redhat.com/errata/RHBA-2013-0959.html
rhn.redhat.com/errata/RHSA-2013-0957.html