The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka GIFAR.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Icedtea-web | Redhat | * | 1.2.2 |
Icedtea-web | Redhat | 1.0 | 1.0 |
Icedtea-web | Redhat | 1.0.1 | 1.0.1 |
Icedtea-web | Redhat | 1.0.2 | 1.0.2 |
Icedtea-web | Redhat | 1.0.3 | 1.0.3 |
Icedtea-web | Redhat | 1.0.4 | 1.0.4 |
Icedtea-web | Redhat | 1.0.5 | 1.0.5 |
Icedtea-web | Redhat | 1.0.6 | 1.0.6 |
Icedtea-web | Redhat | 1.1 | 1.1 |
Icedtea-web | Redhat | 1.1.1 | 1.1.1 |
Icedtea-web | Redhat | 1.1.2 | 1.1.2 |
Icedtea-web | Redhat | 1.1.3 | 1.1.3 |
Icedtea-web | Redhat | 1.1.4 | 1.1.4 |
Icedtea-web | Redhat | 1.1.5 | 1.1.5 |
Icedtea-web | Redhat | 1.1.6 | 1.1.6 |
Icedtea-web | Redhat | 1.1.7 | 1.1.7 |
Icedtea-web | Redhat | 1.2 | 1.2 |
Icedtea-web | Redhat | 1.2.1 | 1.2.1 |
Icedtea-web | Redhat | 1.3 | 1.3 |
Icedtea-web | Redhat | 1.3.1 | 1.3.1 |