CVE-2013-1927
published 2013-04-29CVE-2013-1927: The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF…
medium6.8CVSS 3.1
AVNACMAuNCPIPAP
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR."
Affected
31 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | icedtea-web | < icedtea-web 1.3.2-1 (bookworm) | icedtea-web 1.3.2-1 (bookworm) |
| opensuse | opensuse | — | — |
| python-gnupg_project | python-gnupg | >= 0.3.5 < 0.3.6 | 0.3.6 |
| redhat | icedtea-web | <= 1.2.2 | — |
| redhat | icedtea-web | — | — |
| redhat | icedtea-web | — | — |
| redhat | icedtea-web | — | — |
| redhat | icedtea-web | — | — |
| redhat | icedtea-web | — | — |
| redhat | icedtea-web | — | — |
| redhat | icedtea-web | — | — |
| redhat | icedtea-web | — | — |
| redhat | icedtea-web | — | — |
| redhat | icedtea-web | — | — |
| redhat | icedtea-web | — | — |
| redhat | icedtea-web | — | — |
| redhat | icedtea-web | — | — |
| redhat | icedtea-web | — | — |
| redhat | icedtea-web | — | — |
| redhat | icedtea-web | — | — |
| redhat | icedtea-web | — | — |
CVSS provenance
nvd6.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
ghsa7.5HIGH
osv6.8MEDIUM