Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-4513

CWE-119 — Buffer Overflow7 documents6 sources

Severity

6.4MEDIUM

EPSS

15.1%

top 5.41%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

KDE KDE

Timeline

PublishedNov 11

Latest updateMay 17

Description

khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpected sign extension and a heap-based buffer over-read.

CVSS vector

AV:N/AC:L/C:P/I:N/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

▶NVDkde/kde4.7.3

🔴Vulnerability Details

GHSA

GHSA-w3c5-x9m9-p26v: khtml/imload/scaledimageplane↗2022-05-17

▶

CVEList

CVE-2012-4513: khtml/imload/scaledimageplane↗2012-11-11

▶

💥Exploits & PoCs

Exploit-DB

Konqueror 4.7.3 - Memory Corruption↗2012-11-01

▶

📋Vendor Advisories

Red Hat

kdelibs: Heap-based buffer over-read when calculating dimensions of the canvas within the scale loop↗2012-10-30

▶

💬Community

Bugzilla

CVE-2012-5629 JBoss: allows empty password to authenticate against LDAP↗2012-12-10

▶

Bugzilla

CVE-2012-4513 kdelibs: Heap-based buffer over-read when calculating dimensions of the canvas within the scale loop↗2012-10-12

▶