8.8

CVE-2012-4512

Exploit
The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
KdeKde Version4.7.3
RedhatEnterprise Linux Version6.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 11.66% 0.955
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

http://archives.neohapsis.com/archives/bugtraq/2012-11/0005.html
Third Party Advisory
Broken Link
http://rhn.redhat.com/errata/RHSA-2012-1416.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1418.html
Third Party Advisory
http://secunia.com/advisories/51097
Third Party Advisory
Not Applicable
http://secunia.com/advisories/51145
Third Party Advisory
Not Applicable
http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc
Third Party Advisory
http://www.openwall.com/lists/oss-security/2012/10/11/11
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2012/10/30/6
Third Party Advisory
Mailing List
http://www.securitytracker.com/id?1027709
Third Party Advisory
VDB Entry
http://em386.blogspot.com/2010/12/webkit-css-type-confusion.html
Third Party Advisory
Exploit
http://quickgit.kde.org/index.php?p=kdelibs.git&a=commitdiff&h=a872c8a969a8bd3706253d6ba24088e4f07f3352
Vendor Advisory
Broken Link