LWN.net

kdelibs: multiple vulnerabilities

Package(s): kdelibs
CVE #(s): CVE-2012-4512 CVE-2012-4513
Created: October 31, 2012
Updated: February 28, 2013
Description: From the Red Hat advisory:

A heap-based buffer overflow flaw was found in the way the CSS (Cascading Style Sheets) parser in kdelibs parsed the location of the source for font faces. A web page containing malicious content could cause an application using kdelibs (such as Konqueror) to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-4512)

A heap-based buffer over-read flaw was found in the way kdelibs calculated canvas dimensions for large images. A web page containing malicious content could cause an application using kdelibs to crash or disclose portions of its memory. (CVE-2012-4513)

Alerts:
Red Hat RHSA-2012:1416-01 2012-10-30
Red Hat RHSA-2012:1418-01 2012-10-30
CentOS CESA-2012:1418 2012-10-30
CentOS CESA-2012:1416 2012-10-30
Oracle ELSA-2012-1416 2012-10-30
Scientific Linux SL-kdel-20121030 2012-10-30
Scientific Linux SL-kdel-20121030 2012-10-30
openSUSE openSUSE-SU-2012:1581-1 2012-11-28
Oracle ELSA-2012-1418 2013-02-28


Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds