CVE-2012-4540
Severity
6.8 MEDIUM
EPSS
1.5%
top 18.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Nov 11
Latest update: May 14
Description
Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a "triggering event attached to applet." NOTE: the 1.4.x versions were originally associated with CVE…
CVSS vector
AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4
Affected Packages: 3 packages
Vulnerability Details (3)
GHSA
GHSA-44v2-cg42-mx34: Off-by-one error in the invoke function in IcedTeaScriptablePluginObject (2022-05-14)
CVEList
OSV
Vendor Advisories (4)
Red Hat
Debian
CVE-2012-4540: icedtea-web - Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in I... (2012)