Think you have a false positive on this rule?

Sid 1-49117


FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt


This event is generated when an Oracle Java JPEGImageWriter memory corruption attempt is detected.


Attempted User Privilege Gain


CVSS base score 7.6

CVSS impact score 10.0

CVSS exploitability score 4.9

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Detailed information

CVE-2013-2429: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "JPEGImageWriter state corruption" when using native code, which triggers memory corruption.

Affected systems

  • oracle jdk 1.5.0
  • oracle jdk 1.6.0
  • oracle jdk 1.7.0
  • oracle jre 1.5.0
  • oracle jre 1.6.0
  • oracle jre 1.7.0
  • sun jdk 1.5.0
  • sun jdk 1.6.0
  • sun jre 1.5.0
  • sun jre 1.6.0

Ease of attack


Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

False positives

False negatives

Corrective action


  • Cisco Talos Intelligence Group

Additional References