CVE-2013-2472high
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ShortBandedRaster size checks" in 2D.
References
http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
http://rhn.redhat.com/errata/RHSA-2013-0963.html
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/3cd4bec64e31
https://bugzilla.redhat.com/show_bug.cgi?id=975107
http://secunia.com/advisories/54154
http://www-01.ibm.com/support/docview.wss?uid=swg21642336
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html
http://rhn.redhat.com/errata/RHSA-2013-1081.html
http://rhn.redhat.com/errata/RHSA-2013-1060.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
http://rhn.redhat.com/errata/RHSA-2013-1455.html
http://rhn.redhat.com/errata/RHSA-2013-1456.html
http://www.us-cert.gov/ncas/alerts/TA13-169A
http://marc.info/?l=bugtraq&m=137545592101387&w=2
http://marc.info/?l=bugtraq&m=137545505800971&w=2
http://rhn.redhat.com/errata/RHSA-2013-1059.html
http://www.mandriva.com/security/advisories?name=MDVSA-2013:183
http://advisories.mageia.org/MGASA-2013-0185.html
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://www.securityfocus.com/bid/60656
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19543
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18846
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18742
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16712
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html
Details
Source: MITRE
Published: 2013-06-18
Updated: 2022-05-13
Type: NVD-CWE-noinfo
Risk Information
CVSS v2
Base Score: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 10
Severity: HIGH