⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.
CVE-2013-1493 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Oracle JDK
Severity
10.0CRITICALNVD
EPSS
93.0%
top 0.22%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedMar 5
Latest updateMay 14
Description
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.
CVSS vector
AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0
Affected Packages4 packages
🔴Vulnerability Details
3GHSA▶
GHSA-v3wr-hv3w-x2rj: The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5↗2022-05-14
CVEList▶
CVE-2013-1493: The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5↗2013-03-04
VulnCheck▶
Oracle Java Runtime Environment (JRE) Improper Restriction of Operations within the Bounds of a Memory Buffer↗2013