CVE-2013-1569

critical

Published 2013-04-17 · Modified 2026-04-29

CVSS v3

—

CVSS v2

10.0

VIR risk

10.0

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "checking of [a] glyph table" in the International Components for Unicode (ICU) Layout Engine before 51.2.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2013-1569

vendor Authored 2026-05-27

Vendor advisory: secalert_us@oracle.com — http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html

OS impact

OS	Version	Status	Fixed in
debian	bookworm	fixed	`52.1-1`
debian	bullseye	fixed	`52.1-1`
debian	forky	fixed	`52.1-1`
debian	sid	fixed	`52.1-1`
debian	trixie	fixed	`52.1-1`

Application impact

Vendor	Product	Versions
oracle	jre	`{"endIncluding":"1.7.0"}`
oracle	jre	`1.7.0`
oracle	jdk	`{"endIncluding":"1.7.0"}`
oracle	jdk	`1.7.0`
oracle	jre	`1.6.0`
sun	jre	`1.6.0`
oracle	jdk	`1.6.0`
sun	jdk	`1.6.0`
oracle	jre	`1.5.0`
sun	jre	`1.5.0`
oracle	jdk	`1.5.0`
sun	jdk	`1.5.0`

References

Verify integrity in audit chain (admin only). AS-IS.