PT-2013-3175 · Oracle+4 · Java Se+5
Published: 2013-03-04 · Updated: 2024-06-15
CVE-2013-1493
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Oracle Java SE versions 5.0 Update 40 and earlier
Oracle Java SE versions 6 Update 41 and earlier
Oracle Java SE versions 7 Update 15 and earlier
Description
The color management functionality in the 2D component allows remote attackers to execute arbitrary code or cause a denial of service via an image with crafted raster parameters, which triggers an out-of-bounds read or memory corruption in the JVM. This issue has been exploited in the wild.
Recommendations
For Oracle Java SE versions 5.0 Update 40 and earlier, update to a version later than Update 40 to resolve the issue.
For Oracle Java SE versions 6 Update 41 and earlier, update to a version later than Update 41 to resolve the issue.
For Oracle Java SE versions 7 Update 15 and earlier, update to a version later than Update 15 to resolve the issue.
Exploit · Fix · DoS · RCE · Buffer Overflow
Affected Products
CentOS
HP-UX
Java Platform
Java SE
Red Hat
SUSE