Unrated severityNVD Advisory· Published Jun 18, 2013· Updated Apr 29, 2026
CVE-2013-2472
CVE-2013-2472
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ShortBandedRaster size checks" in 2D.
Affected products
186cpe:2.3:a:oracle:jdk:1.5.0:update36:*:*:*:*:*:*+ 38 more
- cpe:2.3:a:oracle:jdk:1.5.0:update36:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.5.0:update38:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.5.0:update39:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.5.0:update40:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.5.0:update41:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update22:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update23:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update24:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update25:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update26:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update27:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update29:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update30:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update31:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update32:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update33:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update34:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update35:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update37:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update38:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update39:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update41:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update43:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update13:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update15:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update17:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:*:update21:*:*:*:*:*:*range: <=1.7.0
- cpe:2.3:a:oracle:jdk:*:update45:*:*:*:*:*:*range: <=1.6.0
cpe:2.3:a:oracle:jre:1.5.0:update36:*:*:*:*:*:*+ 38 more
- cpe:2.3:a:oracle:jre:1.5.0:update36:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update38:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update39:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update40:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update41:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update22:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update23:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update24:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update25:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update26:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update27:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update29:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update30:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update31:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update32:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update33:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update34:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update35:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update37:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update38:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update39:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update41:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update43:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update13:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update15:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update17:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:*:update21:*:*:*:*:*:*range: <=1.7.0
- cpe:2.3:a:oracle:jre:*:update45:*:*:*:*:*:*range: <=1.6.0
cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*+ 54 more
- cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update11_b03:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update22:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update24:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update25:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update26:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update27:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update28:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update29:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update31:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update33:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update7_b03:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*+ 52 more
- cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update24:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update25:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update26:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update27:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update28:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update29:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update31:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update33:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_9:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
31- www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.htmlnvdVendor Advisory
- www.us-cert.gov/ncas/alerts/TA13-169AnvdUS Government Resource
- advisories.mageia.org/MGASA-2013-0185.htmlnvd
- h20000.www2.hp.com/bizsupport/TechSupport/Document.jspnvd
- hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/3cd4bec64e31nvd
- lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.htmlnvd
- marc.infonvd
- marc.infonvd
- rhn.redhat.com/errata/RHSA-2013-0963.htmlnvd
- rhn.redhat.com/errata/RHSA-2013-1059.htmlnvd
- rhn.redhat.com/errata/RHSA-2013-1060.htmlnvd
- rhn.redhat.com/errata/RHSA-2013-1081.htmlnvd
- rhn.redhat.com/errata/RHSA-2013-1455.htmlnvd
- rhn.redhat.com/errata/RHSA-2013-1456.htmlnvd
- secunia.com/advisories/54154nvd
- security.gentoo.org/glsa/glsa-201406-32.xmlnvd
- www-01.ibm.com/support/docview.wssnvd
- www.mandriva.com/security/advisoriesnvd
- www.securityfocus.com/bid/60656nvd
- access.redhat.com/errata/RHSA-2014:0414nvd
- bugzilla.redhat.com/show_bug.cginvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16712nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18742nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18846nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19543nvd
News mentions
0No linked articles in our index yet.