CVE-2013-1493 (retired)

Priority
Description
The color management (CMM) functionality in the 2D component in Oracle Java
SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and
earlier allows remote attackers to execute arbitrary code or cause a denial
of service (crash) via an image with crafted raster parameters, which
triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as
exploited in the wild in February 2013.
Notes
 mdeslaur> in lucid+, NetX and the plugin moved to the icedtea-web package
 jdstrand> sun-java6 is not redistributable, no longer in the archive and
  no longer tracked
 jdstrand> sun-java5 is EOL upstream and no longer tracked
 jdstrand> as of 2013-03-05, no patches for openjdk-7
Assigned-to
jdstrand
Package
Upstream:needs-triage
Package
Upstream:pending (7u15-2.3.8)
More Information

Updated: 2019-03-26 12:07:01 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)