Vulnerability CVE-2012-4512

Vulnerability Name:

CVE-2012-4512 (CCN-176590)

Assigned:

2012-10-11

Published:

2012-10-11

Updated:

2023-02-13

Summary:

The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."

CVSS v3 Severity:

8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-122

Vulnerability Consequences:

Denial of Service

References:

Source: secalert@redhat.com
Type: Broken Link, Third Party Advisory
secalert@redhat.com

Source: MITRE
Type: CNA
CVE-2012-4512

Source: secalert@redhat.com
Type: Exploit, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Broken Link, Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Not Applicable, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Not Applicable, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory, VDB Entry
secalert@redhat.com

Source: XF
Type: UNKNOWN
kde-konqueror-cve20124512-dos(176590)

Source: CCN
Type: KDE Web site
Konqueror - Web Browser, File Manager and Viewer - KDE.org

Source: CCN
Type: oss-sec Mailing List, Thu, 11 Oct 2012 12:13:05 -0600
Re: Pre-advisory for Konqueror 4.7.3 (other versions may be affected)

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

Configuration CCN 1:

cpe:/a:kde:konqueror:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20124512	V	CVE-2012-4512	2022-05-20
oval:org.opensuse.security:def:33760	P	Security update for mariadb (Moderate)	2021-12-30
oval:org.opensuse.security:def:32237	P	Security update for glib-networking (Important)	2021-12-13
oval:org.opensuse.security:def:26180	P	Security update for php74 (Moderate)	2021-12-06
oval:org.opensuse.security:def:26179	P	Security update for gmp (Moderate)	2021-12-02
oval:org.opensuse.security:def:31713	P	Security update for clamav (Moderate)	2021-12-01
oval:org.opensuse.security:def:34594	P	Security update for postgresql12 (Important)	2021-11-22
oval:org.opensuse.security:def:34554	P	Security update for glibc (Moderate)	2021-10-06
oval:org.opensuse.security:def:26136	P	Security update for gd (Moderate)	2021-09-23
oval:org.opensuse.security:def:29425	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:33703	P	Security update for python-PyYAML (Important)	2021-08-24
oval:org.opensuse.security:def:31639	P	Security update for freeradius-server (Moderate)	2021-06-11
oval:org.opensuse.security:def:55200	P	Security update for libX11 (Important)	2021-06-08
oval:org.opensuse.security:def:36427	P	kdelibs4-doc-4.3.5-0.14.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42568	P	kdelibs4-4.3.5-0.14.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36161	P	kdelibs4-4.3.5-0.14.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:33916	P	Security update for dhcp (Important)	2021-06-01
oval:org.opensuse.security:def:31628	P	Security update for dhcp (Important)	2021-06-01
oval:org.opensuse.security:def:31627	P	Security update for djvulibre (Important)	2021-05-31
oval:org.opensuse.security:def:26052	P	Security update for graphviz (Critical)	2021-05-19
oval:org.opensuse.security:def:32081	P	Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important)	2021-04-28
oval:org.opensuse.security:def:55878	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP2) (Important)	2021-04-12
oval:org.opensuse.security:def:33092	P	Security update for wpa_supplicant (Important)	2021-03-09
oval:org.opensuse.security:def:33085	P	Security update for postgresql-jdbc (Moderate)	2021-02-25
oval:org.opensuse.security:def:33081	P	Security update for postgresql13 (Moderate)	2021-02-22
oval:org.opensuse.security:def:33080	P	Security update for java-1_8_0-openjdk (Moderate)	2021-02-19
oval:org.opensuse.security:def:26191	P	Security update for jasper (Important)	2021-02-16
oval:org.opensuse.security:def:54755	P	Security update for python (Important)	2021-02-11
oval:org.opensuse.security:def:57154	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)	2021-02-10
oval:org.opensuse.security:def:29368	P	Security update for dovecot22 (Important)	2021-01-04
oval:org.opensuse.security:def:25977	P	Security update for openssl-1_1 (Important)	2020-12-10
oval:org.opensuse.security:def:25976	P	Security update for curl (Moderate)	2020-12-10
oval:org.opensuse.security:def:33872	P	Security update for python-setuptools (Important)	2020-12-02
oval:org.opensuse.security:def:26464	P	Security update for enigmail (Moderate)	2020-12-01
oval:org.opensuse.security:def:27746	P	Security update for flac	2020-12-01
oval:org.opensuse.security:def:27892	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:27319	P	wget on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29663	P	Security update for cvs (Moderate)	2020-12-01
oval:org.opensuse.security:def:29823	P	Security update for java-1_6_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:27191	P	libjasper on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55759	P	Security update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nspr, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:57228	P	Security update for kdelibs4	2020-12-01
oval:org.opensuse.security:def:29082	P	Security update for dhcp (Moderate)	2020-12-01
oval:org.opensuse.security:def:31994	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:32342	P	Security update for spice (Important)	2020-12-01
oval:org.opensuse.security:def:54355	P	perl-Tk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31937	P	Security update for glibc (Moderate)	2020-12-01
oval:org.opensuse.security:def:33306	P	yast2-core on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26340	P	Recommended update for openjpeg (Moderate)	2020-12-01
oval:org.opensuse.security:def:26486	P	Security update for pdns-recursor (Moderate)	2020-12-01
oval:org.opensuse.security:def:33171	P	libpixman-1-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26553	P	gd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26708	P	glibc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25786	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26605	P	libtiff3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26897	P	freeradius-server on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27628	P	Security update for kdelibs4	2020-12-01
oval:org.opensuse.security:def:25988	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:27458	P	libldb-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27795	P	Security update for libksba	2020-12-01
oval:org.opensuse.security:def:28530	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:27401	P	flac-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29717	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:29867	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:27115	P	elfutils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29282	P	Security update for xorg-x11-libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:55485	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:55797	P	Security update for openssh (Moderate)	2020-12-01
oval:org.opensuse.security:def:29151	P	Security update for libssh2_org (Moderate)	2020-12-01
oval:org.opensuse.security:def:32381	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:33124	P	kdelibs4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54377	P	rtkit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33458	P	Security update for iSCSI	2020-12-01
oval:org.opensuse.security:def:33809	P	Security update for ghostscript-library (Moderate)	2020-12-01
oval:org.opensuse.security:def:33401	P	Security update for Salt (Moderate)	2020-12-01
oval:org.opensuse.security:def:26389	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:27124	P	findutils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25995	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:26606	P	libvirt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26752	P	libmusicbrainz4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25710	P	Security update for log4j (Important)	2020-12-01
oval:org.opensuse.security:def:25914	P	Security update for firebird (Moderate)	2020-12-01
oval:org.opensuse.security:def:26756	P	libnewt0_52 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26911	P	gstreamer-0_10-plugins-good on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27542	P	python-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27834	P	Security update for mono-core (Moderate)	2020-12-01
oval:org.opensuse.security:def:28565	P	Security update for kdelibs4	2020-12-01
oval:org.opensuse.security:def:29766	P	Security update for glibc (Moderate)	2020-12-01
oval:org.opensuse.security:def:30505	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:27116	P	emacs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55593	P	Security update for coreutils (Moderate)	2020-12-01
oval:org.opensuse.security:def:29070	P	Security update for clamav (Important)	2020-12-01
oval:org.opensuse.security:def:32403	P	Security update for vim (Moderate)	2020-12-01
oval:org.opensuse.security:def:54517	P	libXcursor1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33546	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:33848	P	Security update for hplip	2020-12-01
oval:org.opensuse.security:def:26428	P	Security update for redis (Moderate)	2020-12-01
oval:org.opensuse.security:def:27159	P	kdelibs4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26318	P	Security update for MozillaThunderbird (Moderate)	2020-12-01
oval:org.opensuse.security:def:26655	P	xterm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27390	P	dhcp-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25711	P	Security update for python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer (Moderate)	2020-12-01
oval:org.opensuse.security:def:26261	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:26809	P	puppet on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26955	P	libmusicbrainz4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26383	P	Security update for Mozilla Thunderbird (Moderate)	2020-12-01
oval:org.opensuse.security:def:27693	P	Security update for xorg-x11-libxcb	2020-12-01
oval:org.opensuse.security:def:27848	P	Security update for OpenSLP	2020-12-01
oval:org.opensuse.security:def:26255	P	Security update for libqt4 (Moderate)	2020-12-01
oval:org.opensuse.security:def:29510	P	Security update for ImageMagick (Low)	2020-12-01
oval:org.opensuse.security:def:29805	P	Security update for ipsec-tools (Moderate)	2020-12-01
oval:org.opensuse.security:def:30542	P	Security update for kdelibs4	2020-12-01
oval:org.opensuse.security:def:27127	P	freetype2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55034	P	wpa_supplicant on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55685	P	Security update for libotr (Moderate)	2020-12-01
oval:org.opensuse.security:def:29071	P	Security update for clamav (Moderate)	2020-12-01
oval:org.opensuse.security:def:54928	P	libsoup-2_4-1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32293	P	Security update for postgresql94 (Important)	2020-12-01
oval:org.opensuse.security:def:32447	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:54354	P	perl-LWP-Protocol-https on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31845	P	Security update for clamav (Important)	2020-12-01
oval:org.opensuse.security:def:26287	P	Security update for zeromq (Moderate)	2020-12-01
oval:org.opensuse.security:def:26442	P	Security update for irssi (Moderate)	2020-12-01
oval:org.opensuse.security:def:26402	P	Security update for irssi (Moderate)	2020-12-01
oval:org.opensuse.security:def:26694	P	expat on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27425	P	kdelibs4-doc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25722	P	Security update for ovmf (Low)	2020-12-01
oval:org.opensuse.security:def:26521	P	amavisd-new on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26858	P	aaa_base on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27593	P	Security update for python-azure-agent (Moderate)	2020-12-01
oval:org.mitre.oval:def:27310	P	ELSA-2012-1416 -- kdelibs security update (critical)	2014-12-15
oval:org.mitre.oval:def:27156	P	RHSA-2012:1416 -- kdelibs security update (Critical)	2014-12-08
oval:org.mitre.oval:def:25329	P	SUSE-SU-2013:1559-1 -- Security update for kdelibs4	2014-09-08
oval:org.mitre.oval:def:23067	P	ELSA-2012:1418: kdelibs security update (Critical)	2014-05-26
oval:org.mitre.oval:def:21385	P	RHSA-2012:1418: kdelibs security update (Critical)	2014-02-24
oval:org.opensuse.security:def:79862	P	Security update for kdelibs4	2013-10-01
oval:com.redhat.rhsa:def:20121416	P	RHSA-2012:1416: kdelibs security update (Critical)	2012-10-30
oval:com.redhat.rhsa:def:20121418	P	RHSA-2012:1418: kdelibs security update (Critical)	2012-10-30
oval:com.ubuntu.xenial:def:201245120000000	V	CVE-2012-4512 on Ubuntu 16.04 LTS (xenial) - low.	2012-10-11
oval:com.ubuntu.xenial:def:20124512000	V	CVE-2012-4512 on Ubuntu 16.04 LTS (xenial) - low.	2012-10-11
oval:com.ubuntu.precise:def:20124512000	V	CVE-2012-4512 on Ubuntu 12.04 LTS (precise) - low.	2012-10-11
oval:com.ubuntu.trusty:def:20124512000	V	CVE-2012-4512 on Ubuntu 14.04 LTS (trusty) - low.	2012-10-11

BACK