PT-2013-3160 · Openjdk+5 · Openjdk+6

Published

2013-02-01

·

Updated

2024-06-15

·

CVE-2013-1478

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 1.4.2 40 and earlier Oracle Java SE versions 5.0 through Update 38 Oracle Java SE versions 6 through Update 38 Oracle Java SE versions 7 through Update 11 OpenJDK versions 6 and 7
Description The issue allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. It is reportedly related to insufficient validation of raster parameters that can trigger an integer overflow and memory corruption.
Recommendations For Oracle Java SE versions 1.4.2 40 and earlier, update to a version later than 1.4.2 40. For Oracle Java SE versions 5.0 through Update 38, update to a version later than Update 38. For Oracle Java SE versions 6 through Update 38, update to a version later than Update 38. For Oracle Java SE versions 7 through Update 11, update to a version later than Update 11. For OpenJDK versions 6 and 7, update to a version later than 6 and 7 respectively.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

CESA-2013_0245
CESA-2013_0247
CVE-2013-1478
HPSBUX02857
HPSBUX02864
OPENSUSE-SU-2013_0377-1
OPENSUSE-SU-2024:10534-1
RHSA-2013:0236
RHSA-2013:0237
RHSA-2013:0245
RHSA-2013:0246
RHSA-2013:0247
RHSA-2013:0624
RHSA-2013:0625
RHSA-2013:0626
RHSA-2013:1455
RHSA-2013:1456
RHSA-2013_0236
RHSA-2013_0237
RHSA-2013_0245
RHSA-2013_0246
RHSA-2013_0247
RHSA-2013_0624
RHSA-2013_0625
RHSA-2013_0626

Affected Products

Centos
Hp-Ux
Java Platform
Java Se
Openjdk
Red Hat
Suse