Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2012-4512

Опубликовано: 30 окт. 2012
Источник: redhat
CVSS2: 6.8
EPSS Низкий

Описание

The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."

A heap-based buffer overflow flaw was found in the way the CSS parser of the Document Object Model's (DOM) implementation of KDE libraries performed processing of a location of a particular font face source. A remote attacker with privileges could provide a specially-crafted web page that, when opened in an application linked against KDE libraries, would lead to the application crashing or potential execution of arbitrary code.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kdelibsNot affected
Red Hat Enterprise Linux 6kdelibsFixedRHSA-2012:141630.10.2012
Red Hat Enterprise Linux Desktop (v. 6)FixedRHSA-2012:141830.10.2012
Red Hat Enterprise Linux HPC Node (v. 6)FixedRHSA-2012:141830.10.2012
Red Hat Enterprise Linux Server (v. 6)FixedRHSA-2012:141830.10.2012
Red Hat Enterprise Linux Workstation (v. 6)FixedRHSA-2012:141830.10.2012

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Critical
Дефект:
CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=865779kdelibs: Heap-based buffer overflow when parsing location of a font face source

EPSS

Процентиль: 92%
0.09042
Низкий

6.8 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2012-4512

CVSS3: 8.8
ubuntu
больше 5 лет назад

The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."

nvd логотип

CVE-2012-4512

CVSS3: 8.8
nvd
больше 5 лет назад

The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."

debian логотип

CVE-2012-4512

CVSS3: 8.8
debian
больше 5 лет назад

The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 all ...

github логотип

GHSA-8m6q-hj66-2cmr

CVSS3: 8.8
github
больше 3 лет назад

The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."

oracle-oval логотип

ELSA-2012-1418

oracle-oval
больше 12 лет назад

ELSA-2012-1418: kdelibs security update (CRITICAL)

EPSS

Процентиль: 92%
0.09042
Низкий

6.8 Medium

CVSS2