5.1
CVE-2011-1179
- EPSS 3.89%
- Veröffentlicht 18.04.2011 17:55:01
- Zuletzt bearbeitet 16.06.2026 23:28:52
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to (1) plugin/nsScriptablePeer.cpp and (2) plugin/plugin.cpp, which trigger multiple uses of an uninitialized pointer.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.89% | 0.889 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.1 | 4.9 | 6.4 |
AV:N/AC:H/Au:N/C:P/I:P/A:P
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://www.redhat.com/support/errata/RHSA-2011-0426.html
http://www.securityfocus.com/bid/47269
http://www.securitytracker.com/id?1025304
http://www.vupen.com/english/advisories/2011/0899
http://secunia.com/advisories/44060
http://www.redhat.com/support/errata/RHSA-2011-0427.html
https://bugzilla.redhat.com/attachment.cgi?id=487006&action=diff
https://bugzilla.redhat.com/show_bug.cgi?id=689931
https://exchange.xforce.ibmcloud.com/vulnerabilities/66777