First published: Mon Apr 14 2014
It was discovered that certain medialib operations do not properly validate that mlib and raster images correspond to each other. A remote attacker could possibly use this flaw to trigger a Java Virtual Machine memory corruption.
Credit: secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/icedtea | <1.13.3 | 1.13.3 |
redhat/icedtea | <2.4.7 | 2.4.7 |
Ubuntu | =10.04 | |
Ubuntu | =12.04 | |
Ubuntu | =12.10 | |
Ubuntu | =13.10 | |
Ubuntu | =14.04 | |
Oracle Java SE | =r27.8.1 | |
Oracle Java SE | =r28.3.1 | |
Juniper Networks Junos Space | <15.1 | |
Oracle Java SE 7 | =1.5.0-update61 | |
Oracle Java SE 7 | =1.6.0-update71 | |
Oracle Java SE 7 | =1.7.0-update51 | |
Oracle Java SE 7 | =1.8.0 | |
Oracle JRE | =1.5.0-update61 | |
Oracle JRE | =1.6.0-update71 | |
Oracle JRE | =1.7.0-update51 | |
Oracle JRE | =1.8.0 | |
Debian Linux | =6.0 | |
Debian Linux | =7.0 | |
Debian Linux | =8.0 | |
IBM Forms Viewer | >=4.0.0<4.0.0.3 | |
IBM Forms Viewer | >=8.0.0<8.0.1.1 | |
Microsoft Windows Operating System | | |
CVE-2014-0429 is classified as a high severity vulnerability due to its potential to cause memory corruption in the Java Virtual Machine.
To fix CVE-2014-0429, upgrade to the appropriate patched version of Java or IcedTea as specified in the vendor advisories.
CVE-2014-0429 affects multiple versions of Oracle Java SE, IcedTea, and other products including specific versions of Ubuntu and Debian.
CVE-2014-0429 can be exploited remotely by an attacker to trigger memory corruption.
Systems running unpatched versions of Oracle JDK, JRE, and IcedTea are at risk from CVE-2014-0429.