Strix
26.1K

CVE-2013-1480

UnknownEPSS 7.78%

Last modified

CVE-2013-1480 is a vulnerability of currently unknown severity. Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. EPSS estimates a 7.78% chance of exploitation in the next 30 days.

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption.

Metrics

EPSS Probability
7.78%

93.9th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersionsUpdate
OracleJre1.7.0
OracleJdk1.7.0
OracleJre1.6.0Update22
SunJre1.6.0
OracleJdk1.6.0Update22
SunJdk1.6.0
OracleJre1.5.0Update36
SunJre1.5.0
OracleJdk1.5.0Update36
SunJdk1.5.0
OracleJre<= 1.4.2_40
OracleJre1.4.2_38
SunJre1.4.2
SunJre1.4.2_1
SunJre1.4.2_2
SunJre1.4.2_3
SunJre1.4.2_4
SunJre1.4.2_5
SunJre1.4.2_6
SunJre1.4.2_7
SunJre1.4.2_8
SunJre1.4.2_9
SunJre1.4.2_10
SunJre1.4.2_11
SunJre1.4.2_12
SunJre1.4.2_13
SunJre1.4.2_14
SunJre1.4.2_15
SunJre1.4.2_16
SunJre1.4.2_17
SunJre1.4.2_18
SunJre1.4.2_19
SunJre1.4.2_20
SunJre1.4.2_21
SunJre1.4.2_22
SunJre1.4.2_23
SunJre1.4.2_24
SunJre1.4.2_25
SunJre1.4.2_26
SunJre1.4.2_27
SunJre1.4.2_28
SunJre1.4.2_29
SunJre1.4.2_30
SunJre1.4.2_31
SunJre1.4.2_32
SunJre1.4.2_33
SunJre1.4.2_34
SunJre1.4.2_35
SunJre1.4.2_36
SunJre1.4.2_37

Showing 50 of 87 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2013-1480?
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption.
How severe is CVE-2013-1480?
Severity scoring for CVE-2013-1480 is pending analysis. The EPSS model estimates a 7.78% probability of exploitation in the next 30 days.
How do I fix CVE-2013-1480?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2013-1480?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST