CVE-2012-4512

Опубликовано: 30 окт. 2012

Источник: redhat

CVSS2: 6.8

EPSS Средний

Описание

The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."

A heap-based buffer overflow flaw was found in the way the CSS parser of the Document Object Model's (DOM) implementation of KDE libraries performed processing of a location of a particular font face source. A remote attacker with privileges could provide a specially-crafted web page that, when opened in an application linked against KDE libraries, would lead to the application crashing or potential execution of arbitrary code.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kdelibs	Not affected
Red Hat Enterprise Linux 6	kdelibs	Fixed	RHSA-2012:1416	30.10.2012
Red Hat Enterprise Linux Desktop (v. 6)		Fixed	RHSA-2012:1418	30.10.2012
Red Hat Enterprise Linux HPC Node (v. 6)		Fixed	RHSA-2012:1418	30.10.2012
Red Hat Enterprise Linux Server (v. 6)		Fixed	RHSA-2012:1418	30.10.2012
Red Hat Enterprise Linux Workstation (v. 6)		Fixed	RHSA-2012:1418	30.10.2012

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Critical

Дефект:

CWE-122

https://bugzilla.redhat.com/show_bug.cgi?id=865779kdelibs: Heap-based buffer overflow when parsing location of a font face source

EPSS

Процентиль: 94%

0.12763

Средний

6.8 Medium

CVSS2

Связанные уязвимости

CVE-2012-4512

CVSS3: 8.8

ubuntu

почти 6 лет назад

CVE-2012-4512

CVSS3: 8.8

nvd

почти 6 лет назад

CVE-2012-4512

CVSS3: 8.8

debian

почти 6 лет назад

The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 all ...

GHSA-8m6q-hj66-2cmr

CVSS3: 8.8

github

почти 4 года назад

ELSA-2012-1418

oracle-oval

почти 13 лет назад

ELSA-2012-1418: kdelibs security update (CRITICAL)

EPSS

Процентиль: 94%

0.12763

Средний

6.8 Medium

CVSS2