Red Hat Customer Portal

CVE-2013-1493

The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.

Details Source: Mitre

Public Date: 2013-03-04 00:00:00

Impact: Critical

Bugzilla: CVE-2013-1493 OpenJDK: CMM malformed raster memory corruption (2D, 8007675)

Bugzilla ID: 917553

CVSS Status: verified

Base Score: 6.80

Base Metrics: AV:N/AC:M/Au:N/C:P/I:P/A:P

External References

http://www.oracle.com/technetwork/topics/security/alert-cve-2013-1493-1915081.html

Red Hat Security Errata

| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux Supplementary (v. 6) (java-1.7.0-ibm) | RHSA-2013:0626 | 2013-03-11 |
| Red Hat Enterprise Linux Supplementary 5 (java-1.5.0-ibm) | RHSA-2013:0624 | 2013-03-11 |
| Red Hat Enterprise Linux Supplementary 5 (java-1.6.0-sun) | RHSA-2013:0601 | 2013-03-06 |
| Red Hat Enterprise Linux Supplementary 5 (java-1.7.0-oracle) | RHSA-2013:0600 | 2013-03-06 |
| Red Hat Satellite 5.4 (RHEL v.6) (java-1.6.0-ibm) | RHSA-2013:1455 | 2013-10-23 |
| Red Hat Enterprise Linux Supplementary (v. 6) (java-1.7.0-oracle) | RHSA-2013:0600 | 2013-03-06 |
| Red Hat Enterprise Linux Supplementary (v. 6) (java-1.6.0-sun) | RHSA-2013:0601 | 2013-03-06 |
| Red Hat Satellite 5.5 (RHEL v.6) (java-1.6.0-ibm) | RHSA-2013:1456 | 2013-10-23 |
| Red Hat Satellite 5.4 (RHEL v.5) (java-1.6.0-ibm) | RHSA-2013:1455 | 2013-10-23 |
| Red Hat Enterprise Linux 6 (java-1.7.0-openjdk) | RHSA-2013:0602 | 2013-03-06 |
| Red Hat Enterprise Linux Supplementary (v. 6) (java-1.5.0-ibm) | RHSA-2013:0624 | 2013-03-11 |
| Red Hat Enterprise Linux Supplementary (v. 6) (java-1.6.0-ibm) | RHSA-2013:0625 | 2013-03-11 |
| Red Hat Satellite 5.5 (RHEL v.5) (java-1.6.0-ibm) | RHSA-2013:1456 | 2013-10-23 |
| Red Hat Enterprise Linux 5 (java-1.7.0-openjdk) | RHSA-2013:0603 | 2013-03-06 |
| Red Hat Enterprise Linux Supplementary 5 (java-1.7.0-ibm) | RHSA-2013:0626 | 2013-03-11 |
| Red Hat Enterprise Linux Supplementary 5 (java-1.6.0-ibm) | RHSA-2013:0625 | 2013-03-11 |
| Red Hat Enterprise Linux 5 (java-1.6.0-openjdk) | RHSA-2013:0604 | 2013-03-06 |
| Red Hat Enterprise Linux 6 (java-1.6.0-openjdk) | RHSA-2013:0605 | 2013-03-06 |

Affected Packages State

| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux Supplementary version 6 | java-1.7.0-openjdk | Affected |
| Red Hat Enterprise Linux Supplementary version 6 | java-1.6.0-openjdk | Affected |