Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-4512

CWE-843 CWE-122 — Heap-based Buffer Overflow6 documents6 sources

Severity

8.8HIGH

EPSS

11.5%

top 6.39%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

KDE Konqueror KDE KDE Redhat Enterprise Linux +3 more

Timeline

PublishedFeb 8

Latest updateApr 23

Description

The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5kde/konqueror4.7.3

▶NVDkde/kde4.7.3

▶NVDredhat/enterprise_linux_desktop6.0

▶NVDredhat/enterprise_linux_workstation6.0

Also affects: Enterprise Linux 6.0, 6.3

🔴Vulnerability Details

GHSA

GHSA-8m6q-hj66-2cmr: The CSS parser (khtml/css/cssparser↗2022-04-23

▶

CVEList

CVE-2012-4512: The CSS parser (khtml/css/cssparser↗2020-02-08

▶

💥Exploits & PoCs

Exploit-DB

Konqueror 4.7.3 - Memory Corruption↗2012-11-01

▶

📋Vendor Advisories

Red Hat

kdelibs: Heap-based buffer overflow when parsing location of a font face source↗2012-10-30

▶

💬Community

Bugzilla

CVE-2012-4512 kdelibs: Heap-based buffer overflow when parsing location of a font face source↗2012-10-12

▶