PT-2014-2996 · IBM +6 · ICU Layout Engine +10
Tomas Hoger
Published: 2014-01-15 · Updated: 2024-06-15
CVE-2013-5907
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Oracle Java SE versions 5.0u55, 6u65, and 7u45
JRockit versions R27.7.7 and R28.2.9
Java SE Embedded version 7u45
OpenJDK version 7
Description
The issue affects confidentiality, integrity, and availability via unknown vectors related to 2D. It is reportedly due to incorrect input validation in the ICU Layout Engine, which allows attackers to cause a denial of service or possibly execute arbitrary code via a crafted font file.
Recommendations
For Oracle Java SE versions 5.0u55, 6u65, and 7u45, update to a version that is not affected by this issue.
For JRockit versions R27.7.7 and R28.2.9, update to a version that is not affected by this issue.
For Java SE Embedded version 7u45, update to a version that is not affected by this issue.
For OpenJDK version 7, update to a version that is not affected by this issue.
As a temporary workaround, consider not loading font files from untrusted sources, to minimize the risk of exploitation through a crafted font file.
Affected products
CentOS
HP-UX
IBM AIX
ICU Layout Engine
JRockit
Java Platform
Java SE Embedded
OpenJDK
Oracle Java SE
Red Hat
SUSE