Lucene search
John LeitchZDI-14-013HistoryFeb 05, 2014 - 12:00 a.m.
Oracle Java TTF Font Parsing Heap Corruption Remote Code Execution Vulnerability
2014-02-0500:00:00
John Leitch
www.zerodayinitiative.com
24
0.433 Medium
EPSS
Percentile
97.4%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing routines of a ttf font file with a large offset value for a script table. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.
Related
cvelist
cvelist
CVE-2013-5907
2014-01-15 01:33:00
checkpoint_advisories
checkpoint_advisories
Oracle Java SE GSUB ReqFeatureIndex Buffer Overflow - ver 2 (CVE-2013-5907)
2014-05-08 00:00:00
zdi
zdi
prion
prion
Input validation
2014-01-15 16:08:00
cve
cve
CVE-2013-5907
2014-01-15 16:08:06
veracode
veracode
Arbitrary Code Execution
2019-05-02 04:56:13
Sandbox Restrictions Bypass
2019-05-02 05:01:06
Sandbox Restrictions Bypass
2019-05-02 05:01:07
nvd
nvd
CVE-2013-5907
2014-01-15 16:08:06
ubuntucve
ubuntucve
CVE-2013-5907
2014-01-15 00:00:00
ibm
ibm
Security Bulletin: CICS Transaction Gateway for Multiplatforms
2022-09-25 21:06:56
nessus
nessus
RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2014:0136)
2014-02-05 00:00:00
Ubuntu 10.04 LTS / 12.04 LTS : openjdk-6 regression (USN-2124-2)
2014-04-08 00:00:00
redhat
redhat
(RHSA-2014:0136) Important: java-1.5.0-ibm security update
2014-02-04 00:00:00
(RHSA-2014:0026) Critical: java-1.7.0-openjdk security update
2014-01-15 00:00:00
(RHSA-2014:0097) Important: java-1.6.0-openjdk security update
2014-01-27 00:00:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2014-283)
2015-09-08 00:00:00
CentOS Update for java CESA-2014:0097 centos5
2014-01-30 00:00:00
CentOS Update for java CESA-2014:0097 centos6
2014-01-30 00:00:00
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2014-02-27 00:00:00
OpenJDK 6 regression
2014-04-08 00:00:00
OpenJDK 7 vulnerabilities
2014-01-23 00:00:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2014-01-27 00:00:00
java-1.7.0-openjdk security update
2014-01-14 00:00:00
java-1.7.0-openjdk security update
2014-01-14 00:00:00
centos
centos
java security update
2014-01-27 22:53:27
java security update
2014-01-15 11:04:23
java security update
2014-01-15 11:16:34
amazon
amazon
Critical: java-1.7.0-openjdk
2014-01-15 10:28:00
Important: java-1.6.0-openjdk
2014-02-03 15:27:00
mageia
mageia
Updated java-1.7.0-openjdk package fixes multiple security vulnerabilities
2014-01-21 20:22:18
suse
suse
Security update for IBM Java (important)
2014-02-18 13:04:15
Security update for IBM Java 6 (important)
2014-02-21 15:04:13
Security update for IBM Java 6 (important)
2014-03-26 18:04:12
aix
aix
AIX Java Multiple Vulnerabilities (Oracle Java 2014 CPU)
2014-03-06 13:24:59
kaspersky
kaspersky
KLA10511 Multiple vulnerabilities in Oracle products
2014-01-15 00:00:00
f5
f5
SOL53146535 - Multiple Sun Java vulnerabilities
2015-12-30 00:00:00
K53146535 : Multiple Sun Java vulnerabilities
2015-12-31 00:00:00
securityvulns
securityvulns
oracle
oracle
Oracle Critical Patch Update - January 2014
2014-01-14 00:00:00
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2014-01-27 00:00:00