CVE-2013-2465

CVE Database · CVE-2013-2465

CVE-2013-2465

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

98.70%

Published

Jun 18, 2013

Modified

Apr 22, 2026

CISA Known Exploited Vulnerability

Added: 2022-03-28 · Due: 2022-04-18

Apply updates per vendor instructions.

Public PoC / Exploit (2)

All weaponized →

Exploit-DBJava - 'storeImageArray()' Invalid Array Indexing (Metasploit)TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-693

Affected Products (104)

oracle · jrevulnerable