CVE-2013-1927

The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR."

Published: Apr 30, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-1927
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
redhat / icedtea-web	1.0.4	1.0.4.x
redhat / icedtea-web	1.0.6	1.0.6.x
redhat / icedtea-web	1.2.1	1.2.1.x
redhat / icedtea-web	1.1.4	1.1.4.x
redhat / icedtea-web	1.1.1	1.1.1.x
redhat / icedtea-web	1.1.2	1.1.2.x
redhat / icedtea-web	1.2	1.2.x
redhat / icedtea-web	-	1.2.2.x
redhat / icedtea-web	1.0.2	1.0.2.x
redhat / icedtea-web	1.3.1	1.3.1.x
redhat / icedtea-web	1.1.6	1.1.6.x
redhat / icedtea-web	1.0.3	1.0.3.x
redhat / icedtea-web	1.1.7	1.1.7.x
redhat / icedtea-web	1.3	1.3.x
redhat / icedtea-web	1.0.5	1.0.5.x
redhat / icedtea-web	1.1	1.1.x
redhat / icedtea-web	1.0.1	1.0.1.x
redhat / icedtea-web	1.1.5	1.1.5.x
redhat / icedtea-web	1.1.3	1.1.3.x
redhat / icedtea-web	1.0	1.0.x
canonical / ubuntu_linux	11.10	11.10.x
canonical / ubuntu_linux	12.10	12.10.x
canonical / ubuntu_linux	12.04	12.04.x
canonical / ubuntu_linux	10.04	10.04.x
opensuse / opensuse	12.2	12.2.x

Vulnerability Database

289,697

CVE-2013-1927