CVE-2012-4514
published 2012-11-11CVE-2012-4514: rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted…
PriorityP430medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
9.70%
94.9th percentile
rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a frame with a null part."
Affected
77 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kde | kde | <= 4.9.2 | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_redhat5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
(khtml): NULL pointer dereference when trying to reuse a frame with null part
vendor_redhat·2012-10-30·CVSS 5.0
CVE-2012-4514 [MEDIUM] CWE-476 (khtml): NULL pointer dereference when trying to reuse a frame with null part
(khtml): NULL pointer dereference when trying to reuse a frame with null part
rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a frame with a null part."
Statement: Not a security flaw. Red Hat Security Response Team does not consider a user-assisted end user application crash (such a konqueror) to be a security issue.
Package: kdelibs (Red Hat Enterprise Linux 5) - Not affected
Package: kdelibs (Red Hat Enterprise Linux 6) - Not affected
GHSA
GHSA-gv8j-6fjv-8p98: rendering/render_replaced
ghsa_unreviewed·2022-05-17
CVE-2012-4514 [MEDIUM] GHSA-gv8j-6fjv-8p98: rendering/render_replaced
rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a frame with a null part."
No detection rules found.
Bugzilla
CVE-2012-4514 CVE-2012-4515 kdelibs various flaws [fedora-all]
bugzilla·2012-10-30·CVSS 5.0
CVE-2012-4514 [MEDIUM] CVE-2012-4514 CVE-2012-4515 kdelibs various flaws [fedora-all]
CVE-2012-4514 CVE-2012-4515 kdelibs various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue affects multiple s
Bugzilla
CVE-2012-4514 kdelibs (khtml): NULL pointer dereference when trying to reuse a frame with null part
bugzilla·2012-10-24·CVSS 5.0
CVE-2012-4514 [MEDIUM] CVE-2012-4514 kdelibs (khtml): NULL pointer dereference when trying to reuse a frame with null part
CVE-2012-4514 kdelibs (khtml): NULL pointer dereference when trying to reuse a frame with null part
A NULL pointer dereference flaw was found in the way HTML implementation of KDE libraries performed processing of HTML pages containing frames with null parts. A remote attacker could provide a specially-crafted web page that, when opened in an application linked against KDE libraries (such as konqueror) would lead to that application crash.
Relevant upstream patch:
[1] https://projects.kde.org/projects/kde/kdelibs/repository/revisions/65464349951e0df9b5d80c2eb3cc7458d54923ae
References:
[2] http://www.openwall.com/lists/oss-security/2012/10/10/11
[3] http://www.openwall.com/lists/oss-security/2012/10/11/11
Discussion:
This issue did NOT affect the versions of the kdelibs package, as sh
http://archives.neohapsis.com/archives/bugtraq/2012-11/0005.htmlhttp://quickgit.kde.org/index.php?p=kdelibs.git&a=commitdiff&h=65464349951e0df9b5d80c2eb3cc7458d54923aehttp://www.nth-dimension.org.uk/pub/NDSA20121010.txt.aschttp://www.openwall.com/lists/oss-security/2012/10/11/11http://www.openwall.com/lists/oss-security/2012/10/30/6https://bugs.kde.org/show_bug.cgi?id=271528http://archives.neohapsis.com/archives/bugtraq/2012-11/0005.htmlhttp://quickgit.kde.org/index.php?p=kdelibs.git&a=commitdiff&h=65464349951e0df9b5d80c2eb3cc7458d54923aehttp://www.nth-dimension.org.uk/pub/NDSA20121010.txt.aschttp://www.openwall.com/lists/oss-security/2012/10/11/11http://www.openwall.com/lists/oss-security/2012/10/30/6https://bugs.kde.org/show_bug.cgi?id=271528
2012-11-11
Published