The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/bugtraq/2012-11/0005.html | Broken Link Third Party Advisory |
http://em386.blogspot.com/2010/12/webkit-css-type-confusion.html | Exploit Third Party Advisory |
http://quickgit.kde.org/index.php?p=kdelibs.git&a=commitdiff&h=a872c8a969a8bd3706253d6ba24088e4f07f3352 | Broken Link Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2012-1416.html | Third Party Advisory |
http://rhn.redhat.com/errata/RHSA-2012-1418.html | Third Party Advisory |
http://secunia.com/advisories/51097 | Not Applicable Third Party Advisory |
http://secunia.com/advisories/51145 | Not Applicable Third Party Advisory |
http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc | Third Party Advisory |
http://www.openwall.com/lists/oss-security/2012/10/11/11 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2012/10/30/6 | Mailing List Third Party Advisory |
http://www.securitytracker.com/id?1027709 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
13 Feb 2023, 00:26
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion." |
02 Feb 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | A heap-based buffer overflow flaw was found in the way the CSS parser of the Document Object Model's (DOM) implementation of KDE libraries performed processing of a location of a particular font face source. A remote attacker with privileges could provide a specially-crafted web page that, when opened in an application linked against KDE libraries, would lead to the application crashing or potential execution of arbitrary code. |
Information
Published : 2020-02-08 19:15
Updated : 2023-12-10 13:13
NVD link : CVE-2012-4512
Mitre link : CVE-2012-4512
CVE.ORG link : CVE-2012-4512
JSON object : View
Products Affected
redhat
- enterprise_linux_workstation
- enterprise_linux_desktop
- enterprise_linux
- enterprise_linux_server_eus
kde
- kde
CWE
CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')