CVE-2013-1927
Published: 17 April 2013
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR."
Priority
Status
Package | Release | Status |
---|---|---|
icedtea-web Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Released
(1.2.3-0ubuntu0.10.04.1)
|
|
oneiric |
Released
(1.2.3-0ubuntu0.11.10.1)
|
|
precise |
Released
(1.2.3-0ubuntu0.12.04.1)
|
|
quantal |
Released
(1.3.2-1ubuntu0.12.10.1)
|
|
upstream |
Released
(1.2.3, 1.3.2)
|
|
Patches: upstream: http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/19f5282f53e8 |