CVE-2012-4513
Published 2012-11-11
Priority: P3 · 40 · medium · 6.4 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:N/A:P
EXPLOIT
EPSS: 12.60% (95.7th percentile)
khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpected sign extension and a heap-based buffer over-read.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kde | kde | — | — |
CVSS provenance
nvd · v2.0 · 6.4 · MEDIUM · AV:N/AC:L/Au:N/C:P/I:N/A:P
vendor_redhat · 6.4 · MEDIUM
Red Hat
kdelibs: Heap-based buffer over-read when calculating dimensions of the canvas within the scale loop
vendor_redhat·2012-10-30·CVSS 6.4
CVE-2012-4513 [MEDIUM] kdelibs: Heap-based buffer over-read when calculating dimensions of the canvas within the scale loop
Package: kdelibs (Red Hat Enterprise Linux 5) - Not affected
GHSA
GHSA-w3c5-x9m9-p26v: khtml/imload/scaledimageplane
ghsa_unreviewed·2022-05-17
CVE-2012-4513 [MEDIUM] CWE-119 GHSA-w3c5-x9m9-p26v: khtml/imload/scaledimageplane
No detection rules found.
Bugzilla
CVE-2012-5629 JBoss: allows empty password to authenticate against LDAP
bugzilla·2012-12-10·CVSS 7.5
CVE-2012-5629 [HIGH] CVE-2012-5629 JBoss: allows empty password to authenticate against LDAP
The jboss-as-domain-management and jbosssx (now part of PicketLink) modules under default conditions allow users to authenticate with a blank password when LDAP authentication is configured and unauthenticated authentication is supported by the LDAP server. This is in violation of the recommendations of RFC 4513, which states that clients should disallow empty passwords as input to a name/password authentication interface, and not allow the input of an empty password to trigger the selection of the unauthenticated authentication mechanism.
Discussion:
This issue has been addressed in following products:
JBEWP 5 for RHEL 4
JBEWP 5 for RHEL 5
JBEWP 5 for RHEL 6
Via RHSA-2013:0230 https://rhn.redhat.com/errata/RHSA-2
Bugzilla
CVE-2012-4513 kdelibs: Heap-based buffer over-read when calculating dimensions of the canvas within the scale loop
bugzilla·2012-10-12·CVSS 6.4
CVE-2012-4513 [MEDIUM] CVE-2012-4513 kdelibs: Heap-based buffer over-read when calculating dimensions of the canvas within the scale loop
A heap-based buffer over-read flaw was found in the way scaledimageplane, the large image displaying library of KDE libraries, performed calculation of dimensions for the canvas for large images with very high ratios. A remote attacker could provide a specially-crafted web page that, when opened in an application linked against KDE libraries (such as konqueror), would lead to that application crashing or, potentially, disclosing portions of its memory (the latter being specific to 32-bit architectures).
Upstream patch:
[1] http://quickgit.kde.org/index.php?p=kdelibs.git&a=commitdiff&h=1f8b1b034ccf1713a5d123a4c327290f86d17d53
References:
[2] http://www.openwall.com/lists/oss-security/20
http://archives.neohapsis.com/archives/bugtraq/2012-11/0005.html
http://quickgit.kde.org/index.php?p=kdelibs.git&a=commitdiff&h=1f8b1b034ccf1713a5d123a4c327290f86d17d53
http://rhn.redhat.com/errata/RHSA-2012-1416.html
http://rhn.redhat.com/errata/RHSA-2012-1418.html
http://secunia.com/advisories/51097
http://secunia.com/advisories/51145
http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc
http://www.openwall.com/lists/oss-security/2012/10/11/11
http://www.openwall.com/lists/oss-security/2012/10/30/6
http://www.securitytracker.com/id?1027709