First published: Mon Apr 14 2014
It was discovered that the JPEG decoder did not properly handle certain input streams. An untrusted Java application or applet could possibly use this flaw to trigger a Java Virtual Machine memory corruption.
Credit: secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/icedtea | <1.13.3 | 1.13.3 |
redhat/icedtea | <2.4.7 | 2.4.7 |
Ubuntu | =10.04 | |
Ubuntu | =12.04 | |
Ubuntu | =12.10 | |
Ubuntu | =13.10 | |
Ubuntu | =14.04 | |
Oracle Java SE | =r27.8.1 | |
Oracle Java SE | =r28.3.1 | |
Juniper Networks Junos Space | <15.1 | |
Oracle Java SE 7 | =1.5.0-update61 | |
Oracle Java SE 7 | =1.6.0-update71 | |
Oracle Java SE 7 | =1.7.0-update51 | |
Oracle Java SE 7 | =1.8.0 | |
Oracle JRE | =1.5.0-update61 | |
Oracle JRE | =1.6.0-update71 | |
Oracle JRE | =1.7.0-update51 | |
Oracle JRE | =1.8.0 | |
Debian Linux | =6.0 | |
Debian Linux | =7.0 | |
Debian Linux | =8.0 | |
IBM Forms Viewer | >=4.0.0<4.0.0.3 | |
IBM Forms Viewer | >=8.0.0<8.0.1.1 | |
Microsoft Windows Operating System | | |
CVE-2014-2421 has been classified as a critical vulnerability due to its potential for causing memory corruption in the Java Virtual Machine.
To fix CVE-2014-2421, users should update to the latest version of the affected software, particularly JDK or JRE versions that contain patches for this vulnerability.
CVE-2014-2421 affects various versions of Oracle Java SE, JRockit, and Linux distributions like Ubuntu and Debian among others.
Yes, CVE-2014-2421 can be exploited remotely by untrusted Java applications or applets, potentially allowing an attacker to execute arbitrary code.
As of now, while the vulnerability is documented, specific exploits for CVE-2014-2421 have not been publicly disclosed.