Critical severity9.8CISA KEVNVD Advisory· Published Jun 18, 2013· Updated Jun 16, 2026

CVE-2013-2465

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

107

Oracle Corporation/Jre42 versions
cpe:2.3:a:oracle:jre:1.5.0:-:*:*:*:*:*:*+ 41 more
- cpe:2.3:a:oracle:jre:1.5.0:-:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update36:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update38:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update39:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update40:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update41:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update45:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:-:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update22:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update23:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update24:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update25:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update26:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update27:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update29:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update30:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update31:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update32:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update33:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update34:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update35:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update37:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update38:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update39:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update41:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update43:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update45:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update13:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update15:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update17:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update21:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*
Sun Corporation/Jre50 versions
cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*+ 49 more
- cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update24:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update25:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update26:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update27:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update28:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update29:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update31:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update33:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_9:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Desktop
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*
SUSE S.A./Linux Enterprise Java3 versions
cpe:2.3:o:suse:linux_enterprise_java:10:sp4:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:suse:linux_enterprise_java:10:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_java:11:sp2:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_java:11:sp3:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Server6 versions
cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:ltss:*:*:*+ 5 more
- cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:ltss:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
SUSE S.A./Linux Enterprise Software Development Kit2 versions
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*
Openjdk/OpenJDKllm-fuzzy
Range: <=7
Oracle Corporation/Java SEllm-fuzzy
Range: <=7 Update 21, <=6 Update 45, <=5.0 Update 45
osv-coords
pkg:rpm/opensuse/java-1_7_0-openjdk&distro=openSUSE%20Tumbleweed
Range: < 1.7.0.121-1.1

Patches

Vulnerability mechanics

References

hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/2a9c79db0040nvdPatch
www.vicarius.io/vsociety/posts/cve-2013-2465-detect-java-vulnerabilitynvdExploitThird Party Advisory
www.vicarius.io/vsociety/posts/cve-2013-2465-mitigate-java-vulnerabilitynvdExploitThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.htmlnvdMailing ListThird Party Advisory
marc.infonvdMailing ListThird Party Advisory
marc.infonvdMailing ListThird Party Advisory
rhn.redhat.com/errata/RHSA-2013-0963.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2013-1059.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2013-1060.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2013-1081.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2013-1455.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2013-1456.htmlnvdThird Party Advisory
security.gentoo.org/glsa/glsa-201406-32.xmlnvdThird Party Advisory
www-01.ibm.com/support/docview.wssnvdThird Party Advisory
www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.htmlnvdVendor Advisory
www.securityfocus.com/bid/60657nvdBroken LinkThird Party AdvisoryVDB Entry
www.us-cert.gov/ncas/alerts/TA13-169AnvdThird Party AdvisoryUS Government Resource
access.redhat.com/errata/RHSA-2014:0414nvdThird Party Advisory
advisories.mageia.org/MGASA-2013-0185.htmlnvdBroken Link
h20000.www2.hp.com/bizsupport/TechSupport/Document.jspnvdBroken Link
secunia.com/advisories/54154nvdNot Applicable
www.mandriva.com/security/advisoriesnvdNot Applicable
bugzilla.redhat.com/show_bug.cginvdIssue Tracking
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17106nvdBroken Link
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19074nvdBroken Link
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19455nvdBroken Link
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19703nvdBroken Link
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource

News mentions

Inside the customer environment: Where threat actors, vulnerabilities, and exposed assets intersect
Tenable Blog · May 27, 2026

cvss	0.637
epss	0.079
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.060