Lucene search
John LeitchZDI-14-038HistoryApr 03, 2014 - 12:00 a.m.
Oracle Java TrueType LookupCount Buffer Overflow Remote Code Execution Vulnerability
2014-04-0300:00:00
John Leitch
www.zerodayinitiative.com
13
0.433 Medium
EPSS
Percentile
97.4%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TrueType fonts. The issue lies in the handling of TTF files with an overly large LookupCount. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.
Related
cvelist
cvelist
CVE-2013-5907
2014-01-15 01:33:00
veracode
veracode
Arbitrary Code Execution
2019-05-02 04:56:13
Remote Code Execution (RCE)
2019-05-02 05:01:08
Sandbox Restrictions Bypass
2019-05-02 05:01:07
checkpoint_advisories
checkpoint_advisories
Oracle Java SE GSUB ReqFeatureIndex Buffer Overflow - ver 2 (CVE-2013-5907)
2014-05-08 00:00:00
nvd
nvd
CVE-2013-5907
2014-01-15 16:08:06
ubuntucve
ubuntucve
CVE-2013-5907
2014-01-15 00:00:00
cve
cve
CVE-2013-5907
2014-01-15 16:08:06
prion
prion
Input validation
2014-01-15 16:08:00
zdi
zdi
ibm
ibm
Security Bulletin: CICS Transaction Gateway for Multiplatforms
2022-09-25 21:06:56
nessus
nessus
RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2014:0136)
2014-02-05 00:00:00
Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2014-283)
2014-02-05 00:00:00
Ubuntu 10.04 LTS / 12.04 LTS : openjdk-6 vulnerabilities (USN-2124-1)
2014-02-28 00:00:00
redhat
redhat
(RHSA-2014:0136) Important: java-1.5.0-ibm security update
2014-02-04 00:00:00
(RHSA-2014:0026) Critical: java-1.7.0-openjdk security update
2014-01-15 00:00:00
(RHSA-2014:0097) Important: java-1.6.0-openjdk security update
2014-01-27 00:00:00
openvas
openvas
RedHat Update for java-1.6.0-openjdk RHSA-2014:0097-01
2014-01-30 00:00:00
CentOS Update for java CESA-2014:0097 centos5
2014-01-30 00:00:00
Ubuntu: Security Advisory (USN-2124-1)
2014-03-04 00:00:00
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2014-02-27 00:00:00
OpenJDK 6 regression
2014-04-08 00:00:00
OpenJDK 7 vulnerabilities
2014-01-23 00:00:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2014-01-27 00:00:00
java-1.7.0-openjdk security update
2014-01-14 00:00:00
java-1.7.0-openjdk security update
2014-01-14 00:00:00
mageia
mageia
Updated java-1.7.0-openjdk package fixes multiple security vulnerabilities
2014-01-21 20:22:18
amazon
amazon
Important: java-1.6.0-openjdk
2014-02-03 15:27:00
Critical: java-1.7.0-openjdk
2014-01-15 10:28:00
centos
centos
java security update
2014-01-15 11:04:23
java security update
2014-01-27 22:53:27
java security update
2014-01-15 11:16:34
suse
suse
Security update for IBM Java (important)
2014-02-18 13:04:15
Security update for IBM Java 6 (important)
2014-02-21 15:04:13
Security update for IBM Java 6 (important)
2014-03-26 18:04:12
aix
aix
AIX Java Multiple Vulnerabilities (Oracle Java 2014 CPU)
2014-03-06 13:24:59
f5
f5
K53146535 : Multiple Sun Java vulnerabilities
2015-12-31 00:00:00
SOL53146535 - Multiple Sun Java vulnerabilities
2015-12-30 00:00:00
kaspersky
kaspersky
KLA10511 Multiple vulnerabilities in Oracle products
2014-01-15 00:00:00
securityvulns
securityvulns
oracle
oracle
Oracle Critical Patch Update - January 2014
2014-01-14 00:00:00
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2014-01-27 00:00:00