CVE-2013-1927
IcedTea-Web < 1.2.3 and 1.3.x < 1.3.2 - Remote Code Execution via GIFAR
Title source: llmDescription
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR."
References (22)
Core 22
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0753.html
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:146
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/53109
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/59286
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/83640
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/53117
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1804-1
Issue Tracking x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=884705
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/92544
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html
Release Notes x_refsource_confirm
http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/19f5282f53e8
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html
Release Notes x_refsource_confirm
http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS
Third Party Advisory x_refsource_misc
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html
Release Notes x_refsource_confirm
http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/cb58b31c450e
Various Sources mailing-list
x_refsource_mlist
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html
Scores
EPSS
0.0432
EPSS Percentile
90.1%
Details
Status
published
Products (25)
canonical/ubuntu_linux
10.04
canonical/ubuntu_linux
11.10
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
12.10
opensuse/opensuse
12.2
redhat/icedtea-web
1.0
redhat/icedtea-web
1.0.1
redhat/icedtea-web
1.0.2
redhat/icedtea-web
1.0.3
redhat/icedtea-web
1.0.4
... and 15 more
Published
Apr 29, 2013
Tracked Since
Feb 18, 2026