CVE-2013-5907Oracle JDK vulnerability

7 documents6 sources
Severity
10.0CRITICALNVD
EPSS
16.6%
top 5.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Oracle JDKOracle JREOracle Jrockit
Timeline
PublishedJan 15
Latest updateMay 13

Description

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is due to incorrect input validation in LookupProcessor.cpp in the ICU Layout Engine, which allows attackers to cause a denial of

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

NVDoracle/jrockitr27.7.7, r28.2.9+1
NVDoracle/jdk1.5.0, 1.6.0, 1.7.0+2
NVDoracle/jre1.5.0, 1.6.0, 1.7.0+2

🔴Vulnerability Details

2
GHSA
GHSA-f4vm-g8q2-m52q: Unspecified vulnerability in Oracle Java SE 52022-05-13
CVEList
CVE-2013-5907: Unspecified vulnerability in Oracle Java SE 52014-01-15

📋Vendor Advisories

3
Ubuntu
OpenJDK 6 vulnerabilities2014-02-27
Ubuntu
OpenJDK 7 vulnerabilities2014-01-23
Red Hat
ICU: Layout Engine LookupProcessor insufficient input checks (JDK 2D, 8025034)2014-01-14

💬Community

1
Bugzilla
CVE-2013-5907 ICU: Layout Engine LookupProcessor insufficient input checks (JDK 2D, 8025034)2014-01-14
CVE-2013-5907 — Oracle JDK vulnerability | cvebase