CVE-2013-1927

Published: 17 April 2013

The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR."

Priority

Medium

Status

Package Release Status
icedtea-web
Launchpad, Ubuntu, Debian
Upstream
Released (1.2.3, 1.3.2)
Patches:
Upstream: http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/19f5282f53e8 (1.3)